Oh, thanks, that is supposed to be explicitly stated! Yes, it's form parameters.
-- Justin / Sent from my phone / -------- Original message -------- From: Sergey Beryozkin <[email protected]> Date:12/01/2014 5:57 AM (GMT-05:00) To: [email protected] Cc: Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-01.txt On 01/12/14 10:56, Sergey Beryozkin wrote: > Hi Justin > > Nicely written text, as usual. > Few comments: > - I haven't found a reference to a data format of POST requests. > I'm presuming it is going to be a form payload (would mean the server > code can write more or less the same code dealing with POST & GET > queries) ? Oops :-), sorry, did not scroll down to the example in the text Thanks, Sergey > - consider directly specifying an optional 'client_ip' property > - consider adding an optional request_method (or request_verb) hint, a > given scope can be restricted to say GET only, can be useful when a > protected resource is written to support GET and POST over the same > resource_id URI; > > The text that the endpoint may support other parameters (such a client > ip address) covers the last 2 parameters, but I guess it would be more > inter-operable to 'promote' the parameters that may be of general use. > > Thanks, Sergey > > > > > On 01/12/14 02:41, [email protected] wrote: >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Web Authorization Protocol Working >> Group of the IETF. >> >> Title : OAuth 2.0 Token Introspection >> Author : Justin Richer >> Filename : draft-ietf-oauth-introspection-01.txt >> Pages : 10 >> Date : 2014-11-30 >> >> Abstract: >> This specification defines a method for a protected resource to query >> an OAuth 2.0 authorization server to determine the active state of an >> OAuth 2.0 token and to determine meta-information about this token. >> OAuth 2.0 deployments can use this method to convey information about >> the authorization context of the token from the authorization server >> to the protected resource. >> >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/ >> >> There's also a htmlized version available at: >> http://tools.ietf.org/html/draft-ietf-oauth-introspection-01 >> >> A diff from the previous version is available at: >> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-introspection-01 >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
