> -----Original Message-----
> From: Yaron Goland [mailto:[email protected]]
> Sent: Monday, May 10, 2010 4:43 PM
>
> > 2. Client Authentication (in flows)
> >
> > How should the client authenticate when making token requests? The
> > current draft defines special request parameters for sending client
> > credentials. Some have argued that this is not the correct way, and
> > that the client should be using existing HTTP authentication schemes
> > to accomplish that such as Basic.
> >
> > A. Client authenticates by sending its credentials using special
> > parameters (current draft)
> > B. Client authenticates by using HTTP Basic
> > (or other schemes supported by the server such as Digest)
> >
>
> [Yaron Goland] A is needed at a minimum because there are physical
> limitations to how many bytes can go into an authorization header.

What? Basic auth seems to be working just fine for the entire web...

EHL

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
