The OAuth 2.0 draft 5 spec<http://tools.ietf.org/id/draft-ietf-oauth-v2-05.html#authz_header>tells about how the Authorization header can contain a Token as well as an optional set of parameters for tokens that have associated secrets. But the query string and POST methods for including the access token does not discuss whether these extra parameters are allowed. Am I missing something, or are tokens with secrets only usable in the Authorization header?
-- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
