Hey, all- I'm using Restlet 2.1 RC1, and the OAuth2 extension, to create an OAuth2 protected resource.
The OAuth authentication server my app is connecting to is using the Spring Security OAuth plugin. (Not my choice....) When I specify an OAuth scope for my resource, the authentication server can't handle the token validation request. From tracing through the 2 codebases, it looks like org.restlet.ext.oauth.OAuthAuthorizer.createValidationRequest() is encoding the scope[s] in a JSON array of strings. The Spring server is trying to decode the scope[s] as a (single) space-delimited string. From looking at the draft OAuth2 standard, assuming I'm looking at the right version, it looks like the scopes are supposed to be sent as a space-delimited string. Here's where I'm looking: http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3 Am I reading this wrong? Is one or the other of the OAuth2 implementations handling this improperly? Thanks for your time! -------------------------- John Wismar ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2866269
