James Manger and others pointed out that the current credentials syntax does
not comply with RFC 2617, nor does it match the updated credentials syntax
contained in HTTPbis, part 7:
Authentication<http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-16>. The
current syntax in the bearer token
draft<http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08> is:
credentials = "Bearer" RWS access-token
access-token = 1*( quoted-char / <"> )
quoted-char = ALPHA / DIGIT /
"!" / "#" / "$" / "%" / "&" / "'" / "(" / ")" /
"*" / "+" / "-" / "." / "/" / ":" / "<" / "=" /
">" / "?" / "@" / "[" / "]" / "^" / "_" / "`" /
"{" / "|" / "}" / "~" / "\" / "," / ";"
The syntax in HTTPbis is:
credentials = auth-scheme [ 1*SP ( b64token / #auth-param ) ]
(Note that some of the BNF elements used by part 7 are defined in HTTPbis, part
1: Messaging<http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-16>.)
To resolve this comment, I plan to change the Bearer Token draft to use this
syntax for credentials, matching HTTPbis:
credentials = "Bearer" 1*SP ( b64token / #auth-param )
Are people good with this approach?
Thanks,
-- Mike
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
