Yep. You are not missing anything. EHL
From: [email protected] [mailto:[email protected]] On Behalf Of Andrew Arnott Sent: Friday, May 28, 2010 8:14 PM To: OAuth WG ([email protected]) Subject: [OAUTH-WG] Authorization tokens with signatures on query strings and POST entity The OAuth 2.0 draft 5 spec<http://tools.ietf.org/id/draft-ietf-oauth-v2-05.html#authz_header> tells about how the Authorization header can contain a Token as well as an optional set of parameters for tokens that have associated secrets. But the query string and POST methods for including the access token does not discuss whether these extra parameters are allowed. Am I missing something, or are tokens with secrets only usable in the Authorization header? -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
