Yes, they are very compatible. For OAuth's purposes, the uuid is a case sensitive opaque string, so the fact that it could have a looser interpretation with the same semantics is irrelevant. The stricter interpretation rules the day, and importantly the client won't try to do anything special with the value.
-- Justin / Sent from my phone / -------- Original message -------- From: HAMANO Tsukasa <[email protected]> Date:11/26/2014 10:06 PM (GMT-05:00) To: [email protected] Cc: Subject: [OAUTH-WG] access_token and UUID Hi, I have question about access_token generation. Would it be possible to use access_token that generated as UUID? It seems reasonable so UUID is regarded as safe ID generation algorithm. And in fact such OAuth 2.0 implementations exists. But there is a discrepancy between OAuth 2.0 spec and UUID spec around letter case. RFC 6749 says: > Unless otherwise noted, all the protocol parameter names and values > are case sensitive. > access_token > REQUIRED. The access token issued by the authorization server. RFC 4122 says: > The hexadecimal values "a" through "f" are output as lower case > characters and are case insensitive on input. I mean, access_token should be treated as case sensitive but UUID should be treated as case insensitive. What are your thoughts on that? Thank you. -- Open Source Solution Technology Corporation HAMANO Tsukasa <[email protected]> fingerprint = 2285 2111 6D34 3816 3C2E A5B9 16BE D101 6069 BE55 _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
