Hi there,

I note that sending data using form-encoding (<https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-13#section-2.2>) is still [0] underspecified.

To encode data using the "application/x-www-form-urlencoded" media type, the producer needs to first map characters to octets, and only then can produce the body. HTML 4.01 doesn't mention this, mainly because it's implied by related information, such as the character encoding of the page containing the form, and attributes on the HTML form elements.

This information doesn't apply here, so senders are left in the dark about how to get to the octet sequence they need. This may not be a problem for US-ASCII (because there's an "obvious" way to do that), but it is for everything else.

The spec may not need non-ASCII characters in the predefined parameters, but it does allow extension parameters, and thus their handling isn't completely specified.

Note that this issue would be more obvious if the spec did cite HTML5 for the definition of the media type.

Also note that a similar problem applies to the URI encoding, defined in <https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-13#section-2.3>.

There are two simple ways to resolve this issue:

1) Disallow non-ASCII characters in extension parameters, or

2) Specify the character encoding to use (such as UTF-8).

Best regards, Julian


[0] <https://www.ietf.org/mail-archive/web/oauth/current/msg07731.html>
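The ambiguity described in the message above, as an added example that is not part of the original message: the same non-ASCII extension parameter yields different bodies depending on the charset the producer picks, and a receiver assuming a different charset either gets a different value or cannot decode it. The parameter name `ext_param`, the token value and the two candidate charsets are assumptions made for illustration.

```python
from urllib.parse import urlencode, parse_qs

# Constructed sample: "ext_param" is a hypothetical extension parameter and
# the token value is made up; neither comes from the draft.
PARAMS = {"access_token": "example-token", "ext_param": "Müller"}


def encode_body(params, charset):
    """Producer: map characters to octets with `charset`, then percent-encode."""
    return urlencode(params, encoding=charset)


def decode_body(body, charset):
    """Receiver: percent-decode, then map the octets back to characters."""
    parsed = parse_qs(body, strict_parsing=True, encoding=charset, errors="strict")
    return {name: values[0] for name, values in parsed.items()}


def interop_matrix(params, charsets=("utf-8", "iso-8859-1")):
    """Decode each producer's body under each receiver-side assumption."""
    results = {}
    for sender in charsets:
        body = encode_body(params, sender)
        for receiver in charsets:
            try:
                value = decode_body(body, receiver)["ext_param"]
            except UnicodeDecodeError:
                value = None  # octets are not valid in the receiver's charset
            results[(sender, receiver)] = value
    return results


if __name__ == "__main__":
    for charset in ("utf-8", "iso-8859-1"):
        print(f"{charset:>10} body: {encode_body(PARAMS, charset)}")
    for (sender, receiver), value in interop_matrix(PARAMS).items():
        print(f"sent as {sender}, read as {receiver}: {value!r}")
```

Only the pairs where both sides agree on the charset round-trip the value; pure US-ASCII parameters are unaffected, which is why the gap only shows up with extension parameters.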