You're correct about the missing comma. I'll plan on updating the draft this
week.
To your second question, the definition of quoted-string does allow for
unquoted whitespace within the quoted string.
-- Mike
-----Original Message-----
From: Ian McKellar [mailto:[email protected]]
Sent: Sunday, July 10, 2011 1:16 PM
To: Mike Jones
Cc: [email protected]
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification draft -06
Hi,
I'm reading through draft 6 of the bearer token spec and had a question about
one of the examples. In section 2.4 there's an error response example when an
expired token is used:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="example"
error="invalid_token",
error_description="The access token expired"
I think there should be a comma after realm="example"
Also, I wasn't sure about spaces in the error_description. I'm digging through
related linked specs to try to work out what a quoted-string should actually
look like. Are spaces allowed? Should characters be backslash-quoted or
percent-quoted?
Ian
On Wed, Jun 22, 2011 at 8:53 PM, Mike Jones <[email protected]> wrote:
> I’ve published draft 06 of the OAuth Bearer Token Specification. It
> contains the following changes:
>
> · Changed parameter name bearer_token to access_token, per
> working group consensus.
>
> · Changed HTTP status code for invalid_request error code from
> HTTP
> 401 (Unauthorized) back to HTTP 400 (Bad Request), per input from HTTP
> working group experts.
>
>
>
> It doesn’t change the use of 403 (Forbidden) to (401) Unauthorized as
> had been discussed as a possibility, also due to input from the same
> HTTP working group experts.
>
>
>
> I believe that this addresses all the bearer token specification
> issues arising from the interim working group meeting and working
> group discussions since then.
>
>
>
> The draft is available at these locations:
>
> ·
> http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.pdf
>
> ·
> http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.txt
>
> ·
> http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.xml
>
> ·
> http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.html
>
> ·
> http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.pdf
>
> ·
> http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.txt
>
> ·
> http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.xml
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html
> (will point to new versions as they are posted)
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf
> (will point to new versions as they are posted)
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt
> (will point to new versions as they are posted)
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml
> (will point to new versions as they are posted)
>
> · http://svn.openid.net/repos/specifications/oauth/2.0/
> (Subversion repository, with html, pdf, txt, and html versions
> available)
>
>
>
> --
> Mike
>
>
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
>
--
Ian McKellar <http://ian.mckellar.org/>
[email protected]: email | jabber | msn
ianloic: flickr | aim | yahoo | skype | linkedin | etc.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
