We went with base64url in our implementation On Tue, Oct 14, 2014 at 2:26 AM, Nat Sakimura <n-sakim...@nri.co.jp> wrote:
> In his mail, Mike asked whether code verifier is > a value that is sendable without trnasformation > as a http parameter value, or if it needs to be > % encoded when it is being sent. > > We have several options here: > > 1) Require that the code verifier to be a base64url encoded string of a > binary random value. > > 2) Let code verifier to be a binary string and require it to be > either % encoded or base64url encoded when it is sent. > In this case, which encoding should we use? > > 3) require the code verifier to be conform to the following ABNF: > code_verifier = 16*128unreserved > unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" > > Which one do you guys prefer? > > Nat > > -- > Nat Sakimura (n-sakim...@nri.co.jp) > Nomura Research Institute, Ltd. > > PLEASE READ: > The information contained in this e-mail is confidential and intended for > the named recipient(s) only. > If you are not an intended recipient of this e-mail, you are hereby > notified that any review, dissemination, distribution or duplication of > this message is strictly prohibited. If you have received this message in > error, please notify the sender immediately and delete your copy from your > system. > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth