I am in the midst of editing a new version which includes a few breaking
changes such at header attribute name changes ('token' to 'id', 'signature' to
'mac') as well as a new attribute ('issuer' to indicate the host:port where the
credentials were issues - in OAuth, the host and post of the authorization
server). The normalized request string is also changing (adding the issuer
value).
These are all changed in an early revision, so all of this can still change.
I just wanted to give people the heads up that this is coming in a couple of
weeks and that if you have deployed the draft or plan to, that you will need to
make these changes on both client and server.
Apologies for any issues this might cause, but this draft is not yet stable.
EHL
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
