Justin, I had a quick look.
You may want to include "text/xml" as a valid XML media type since it is widely used. Additional things to consider include using XML Schema (XSD) to describe the XML documents.

It may also be useful to investigate whether one should use XML namespaces or custom media types to differentiate OAuth 2.0 responses from other XML documents. For example, I'm writing a REST service which returns HTTP status 400 when invalid data was passed. The resulting document is in "text/xml" format yet conforms to a very different schema than the proposed OAuth XML documents. How do we make this really simple for clients to know what is coming down the line?

This makes one wonder why the standard proposes we should return 400 when in reality it should return 403 (Forbidden) when you are not authorized.

Thanks,
Werner

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
