Hi there,

re <http://tools.ietf.org/html/draft-ietf-oauth-v2-27#section-4.3.2>:

This needs a normative reference to a spec that defines the application/x-www-form-urlencoded media type (such as <http://www.w3.org/TR/html5/iana.html#application-x-www-form-urlencoded>).

Looking at the media type definition I don't see any mention of a charset parameter, so the example probably is wrong. See also <http://www.w3.org/TR/html5/form-submission.html#url-encoded-form-data>:

"Note: Parameters on the application/x-www-form-urlencoded MIME type are ignored. In particular, this MIME type does not support the charset parameter."

I would also advise to change

   The client makes a request to the token endpoint by adding the
   following parameters using the "application/x-www-form-urlencoded"
   format in the HTTP request entity-body:

   grant_type
         REQUIRED.  Value MUST be set to "password".
   username
         REQUIRED.  The resource owner username, encoded as UTF-8.
   password
         REQUIRED.  The resource owner password, encoded as UTF-8.
   scope
         OPTIONAL.  The scope of the access request as described by
         Section 3.3.

to


   The client makes a request to the token endpoint by sending the
   following parameters using the "application/x-www-form-urlencoded"
   format (Section 4.10.22.5 of [WD-html5-20120329]) and a
   character encoding of "UTF-8" in the HTTP request entity-body:

   grant_type
         REQUIRED.  Value MUST be set to "password".
   username
         REQUIRED.  The resource owner username.
   password
         REQUIRED.  The resource owner password.
   scope
         OPTIONAL.  The scope of the access request as described by
         Section 3.3.

Finally, it would be good if the example used characters that require escaping in the body, such as "&", "%", or non-ASCII characters.

(similar nits apply to other sections using form encoding)

Best regards, Julian
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
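An added illustration of the points raised in the message above (not part of the original e-mail or of the OAuth draft): a password-grant request body serialized as application/x-www-form-urlencoded with UTF-8, using values that need escaping. The credentials are constructed sample values and the function names are hypothetical.

```python
from urllib.parse import urlencode, parse_qs

# Constructed sample credentials with "&", "%", "=" and non-ASCII characters.
USERNAME = "jürgen"
PASSWORD = "pa&ss%20=wörd"


def build_token_request_body(username, password, scope=None):
    """Client side: UTF-8 encode each value, then percent-encode it."""
    params = [("grant_type", "password"),
              ("username", username),
              ("password", password)]
    if scope is not None:
        params.append(("scope", scope))
    return urlencode(params, encoding="utf-8").encode("ascii")


def naive_body(username, password):
    """Failure case: values concatenated without any escaping."""
    raw = f"grant_type=password&username={username}&password={password}"
    return raw.encode("utf-8")


def parse_token_request_body(body, charset="utf-8"):
    """Server side: split the form body and decode percent-escapes as `charset`.

    Repeated parameters are rejected instead of silently picking one.
    """
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                      encoding=charset, errors="strict")
    repeated = [name for name, values in fields.items() if len(values) > 1]
    if repeated:
        raise ValueError(f"repeated parameters: {repeated}")
    return {name: values[0] for name, values in fields.items()}


if __name__ == "__main__":
    good = build_token_request_body(USERNAME, PASSWORD)
    print(good.decode("ascii"))
    print(parse_token_request_body(good))                             # round-trips
    print(parse_token_request_body(naive_body(USERNAME, PASSWORD)))   # password cut at "&"
    print(parse_token_request_body(good, charset="latin-1"))          # mojibake
```

Because the media type carries no charset parameter, both sides only agree on the decoding if the specification fixes it, which is what the proposed wording does.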