I am still OK with -22, but I have 1 new comment raised by the introduction of the base64 ABNF non-terminal:

I think it would be worth adding a comment for b64token that points to the base64 RFC. The current ABNF is too permissive (an arbitrary number of "=" allowed at the end) and there are enough broken base64 parsers around (parsers that ignore everything after a "=", parsers that support an arbitrary number of "=" at the end, etc.), so we shouldn't encourage creation of new ones.

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
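
The following is an added example, not part of the original message or of the draft. It compares the permissive b64token grammar with a strict RFC 4648 decoder and with a model of the "ignore everything after a =" parser the message mentions. The b64token rule is assumed to be the one later published in RFC 6750; function names and sample tokens are constructed.

```python
import base64
import binascii
import re

# Assumption: b64token as published in RFC 6750:
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# RFC 4648 standard base64: groups of 4, at most two "=" and only at the end.
STRICT_B64 = re.compile(
    r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
)


def matches_b64token(token: str) -> bool:
    """True if the token satisfies the permissive ABNF rule."""
    return B64TOKEN.fullmatch(token) is not None


def strict_decode(token: str):
    """Decode only canonical RFC 4648 base64; return None for anything else."""
    if not token or STRICT_B64.fullmatch(token) is None:
        return None
    raw = base64.b64decode(token, validate=True)
    # Reject non-canonical input whose unused trailing bits are not zero.
    if base64.b64encode(raw).decode("ascii") != token:
        return None
    return raw


def lenient_decode(token: str):
    """Model of a broken parser: drops everything from the first "=" onward."""
    head = token.split("=", 1)[0]
    head += "=" * (-len(head) % 4)
    try:
        return base64.b64decode(head)
    except binascii.Error:
        return None


def classify(token: str):
    """Return (grammar_ok, strict_result, lenient_result) for one token."""
    return matches_b64token(token), strict_decode(token), lenient_decode(token)


if __name__ == "__main__":
    # Constructed sample tokens.
    for sample in ["dG9rZW4=", "dG9rZW4===", "dG9rZW4=ZXZpbA==", "dG9rZW5="]:
        print(sample, classify(sample))
```

Tokens for which the strict and lenient results differ are the ones two implementations could interpret inconsistently, which is the case a pointer to the base64 RFC is meant to prevent.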
