There was some discussion on the type for the authorization header being OAUTH / MAC / BEARER etc. Did we have a resolution?
As for section 2.2 and 2.3, should we not have a more neutral solution as well and use "authorization_token" instead of oauth_token. The idea is that the parameter corresponds to the authorization header and NOT the value of it. The value of such a parameter an be an encoded value that corresponds to the authorization header. For example: GET /resource?authorization_token=BEARER+vF9dft4qmT HTTP/1.1 Host: server.example.com instead of GET /resource?oauth_token=vF9dft4qmT HTTP/1.1 Host: server.example.com The concern is that if for some reason you switch to "MAC" tokens, then you have to change parameter names. Why not keep them consistent? Apologies if this was already resolved. Phil [email protected]
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
