Should somebody just forward this to [email protected] mailing list so that it will be taken as the response to the last call?
=nat

On Tue, Feb 7, 2012 at 4:49 AM, Justin Richer <[email protected]> wrote:
> +1 for consistent examples.
>
> -- Justin
>
> On 02/06/2012 02:35 PM, Eran Hammer wrote:
>
> Sending to the right place.
>
> From: Thomas, Christopher (LLU) [mailto:[email protected]]
> Sent: Monday, February 06, 2012 11:33 AM
> To: [email protected]
> Subject: Mail regarding draft-ietf-oauth-v2
>
> Hello,
>
> I’m looking into implementing the OAuth2 spec for a work project and I think
> I ran into an issue with the version 23 documentation. According to the
> OAuth2 documentation, a client can send its credentials one of two ways: 1)
> via HTTP Basic Auth 2) via the request body parameters. Section 2.3.1 says
> “….the HTTP Basic authentication scheme as defined in [RFC2617] to
> authenticate with the authorization server. The client identifier is used
> as the username, and the client password is used as the password.”
>
> The example given in Section 2.3.1 is:
>
> Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
>
> According to RFC2617 Section 2, the value of the credential is a base64
> representation of “username:password” (no quotes). This means when the value
> is decoded, it is “s6BhdRkqt3:gX1fBat3bV”. So, according to the HTTP Basic
> Auth example, the client_id is s6BhdRkqt3 and the client_secret is
> gX1fBat3bV. Just below the basic auth example is the request body example:
>
> POST /token HTTP/1.1
> Host: server.example.com
> Content-Type: application/x-www-form-urlencoded;charset=UTF-8
>
> grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA
> &client_id=s6BhdRkqt3&client_secret=7Fjfp0ZBr1KtDRbnfVdmIw
>
> In the request body example, the client_secret does not match the
> client_secret in the HTTP Basic Auth example. I think the two should match
> for consistency. I propose the change that is in the patch attached to this
> email.
>
> Thank you for considering my suggestion.
>
> Chris
>
> Christopher Thomas, BA — Systems Analyst
> LOMA LINDA UNIVERSITY | Information Systems
> Loma Linda University, Loma Linda, California 92350
> x87866 or (909) 558-7866
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth

--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
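
The consistency check described in the quoted report, as an added example that is not part of the original thread: it decodes the Basic credential as RFC 2617 defines it and compares the result with the `client_id` and `client_secret` in the form-encoded body. The function names are hypothetical; the header and body values are the draft's examples as quoted above.

```python
import base64
from urllib.parse import parse_qs

# Example values exactly as quoted in the thread (version 23 of the draft).
DRAFT_HEADER = "Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW"
DRAFT_BODY = (
    "grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA\n"
    "&client_id=s6BhdRkqt3&client_secret=7Fjfp0ZBr1KtDRbnfVdmIw\n"
)


def decode_basic(header_line):
    """Return (username, password) from an 'Authorization: Basic ...' line."""
    name, _, value = header_line.partition(":")
    scheme, _, token = value.strip().partition(" ")
    if name.strip().lower() != "authorization" or scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    # validate=True rejects non-alphabet characters instead of skipping them.
    raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    # RFC 2617: the user-id cannot contain ':', so split on the first one.
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("decoded credential has no ':' separator")
    return user, password


def body_credentials(body):
    """Return (client_id, client_secret) from a form-encoded request body."""
    # The draft wraps the body over two lines for display; rejoin it first.
    joined = "".join(line.strip() for line in body.splitlines())
    params = parse_qs(joined, keep_blank_values=True, strict_parsing=True)
    creds = []
    for key in ("client_id", "client_secret"):
        values = params.get(key, [])
        if len(values) != 1:
            raise ValueError(f"expected exactly one {key}, got {len(values)}")
        creds.append(values[0])
    return tuple(creds)


def credential_mismatches(header_line, body):
    """Names of the client credentials that differ between the two examples."""
    pairs = zip(("client_id", "client_secret"),
                decode_basic(header_line), body_credentials(body))
    return [name for name, from_header, from_body in pairs
            if from_header != from_body]


if __name__ == "__main__":
    print(credential_mismatches(DRAFT_HEADER, DRAFT_BODY))
```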
