> Draft 10 switched from "Token" scheme in the authorization header to
> "OAuth". I'd rather we didn't reuse OAuth.
I agree that "OAuth" is taken as a scheme name.
I like "Bearer" for the Authorization header scheme holding an access token.
We should use a different name for the WWW-Authentication scheme that announces
that user delegation or credential-swapping can be used to get credentials to
access this service. "OAuth2" would be a decent choice for this, "Delegate"
might be even better.
--> GET ...
<-- 401
WWW-Authenticate: Delegate realm=... user_uri=... token_uri=... features=...
<-> do the OAuth2 stuff
--> GET ...
Authorization: Bearer a=...
--
James Manger
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
