Getting rid of the b64token would be an unnecessary breaking change. -----Original Message----- From: Julian Reschke [mailto:[email protected]] Sent: Monday, September 26, 2011 12:27 PM To: William Mills Cc: Mike Jones; [email protected] Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-08 HTTP syntax comments
On 2011-09-26 21:20, William Mills wrote: > I'm gonna top reply... > > >> Is that intended and acceptable? >> >> No, b64token isn’t always there; the syntax specifies that either a > b64token OR one or more auth-params will be present. Yes, that’s intended. > > If the token can be transported in auth-params then I think you must > define how that will happen. It's too loose otherwise. Go with this > obvious and say if auth-parames are used then there must be a token= > parameter that carries the token. That way you are always guaranteed > the token is present in the protocol. > ... +1 In which case the syntax can get rid of the b64token special case altogether. Best regards, Julian _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
