Hi,
I'm reading through draft 6 of the bearer token spec and had a
question about one of the examples. In section 2.4 there's an error
response example when an expired token is used:

    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Bearer realm="example"
                      error="invalid_token",
                      error_description="The access token expired"

I think there should be a comma after realm="example"

Also, I wasn't sure about spaces in the error_description. I'm digging
through related linked specs to try to work out what a quoted-string
should actually look like. Are spaces allowed? Should characters be
backslash-quoted or percent-quoted?

Ian

On Wed, Jun 22, 2011 at 8:53 PM, Mike Jones <[email protected]> wrote:
> I’ve published draft 06 of the OAuth Bearer Token Specification. It
> contains the following changes:
>
> · Changed parameter name bearer_token to access_token, per working
> group consensus.
>
> · Changed HTTP status code for invalid_request error code from HTTP
> 401 (Unauthorized) back to HTTP 400 (Bad Request), per input from HTTP
> working group experts.
>
>
>
> It doesn’t change the use of 403 (Forbidden) to (401) Unauthorized as had
> been discussed as a possibility, also due to input from the same HTTP
> working group experts.
>
>
>
> I believe that this addresses all the bearer token specification issues
> arising from the interim working group meeting and working group discussions
> since then.
>
>
>
> The draft is available at these locations:
>
> · http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.pdf
>
> · http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.txt
>
> · http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.xml
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.html
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.pdf
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.txt
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.xml
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html (will
> point to new versions as they are posted)
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf (will
> point to new versions as they are posted)
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt (will
> point to new versions as they are posted)
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml (will
> point to new versions as they are posted)
>
> · http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion
> repository, with html, pdf, txt, and html versions available)
>
>
>
> -- Mike
>
>
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
>
--
Ian McKellar <http://ian.mckellar.org/>
[email protected]: email | jabber | msn
ianloic: flickr | aim | yahoo | skype | linkedin | etc.
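
An added example, not part of the original message or of the draft: a strict parser for one WWW-Authenticate challenge under the HTTP/1.1 (RFC 2616) grammar, where auth-params are comma-separated and a quoted-string may contain spaces, with `"` and `\` escaped by a backslash quoted-pair (percent-encoding is not part of that grammar). The function name `parse_challenge`, the sample constants and the indentation of the folded lines are assumptions made for the example.

```python
import re

# RFC 2616 grammar: token characters, and quoted-string with backslash quoted-pairs.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})\s*")

# Header value as printed in the draft 06 example (no comma after realm).
# The folding whitespace is constructed for this example.
DRAFT_06 = ('Bearer realm="example"\r\n'
            '    error="invalid_token",\r\n'
            '    error_description="The access token expired"')
# The same value with the comma proposed in the message above.
WITH_COMMA = DRAFT_06.replace('"example"', '"example",')


def parse_challenge(value):
    """Parse one challenge: auth-scheme 1*SP auth-param *( "," auth-param )."""
    # A folded header line (CRLF + leading whitespace) is equivalent to one space.
    value = re.sub(r"\r?\n[ \t]+", " ", value).strip()
    scheme, _, rest = value.partition(" ")
    if not re.fullmatch(TOKEN, scheme):
        raise ValueError("bad auth-scheme")
    params, pos = {}, 0
    while True:
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"expected auth-param at offset {pos}")
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith('"'):
            # Strip the quotes, then undo quoted-pair escaping (\" -> ", \\ -> \).
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
        if name in params:
            raise ValueError(f"duplicate parameter {name}")
        params[name] = raw
        pos = m.end()
        if pos == len(rest):
            return scheme, params
        if rest[pos] != ",":
            # Two auth-params separated only by whitespace, as in DRAFT_06.
            raise ValueError(f"expected ',' at offset {pos}")
        pos += 1
```

Parsing `WITH_COMMA` yields the three parameters with the spaces in error_description preserved; parsing `DRAFT_06` raises `ValueError` at the point where the comma is missing.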