Dear list,

Apologies if this has been brought up before. I searched the archives but didn't find anything related.

I am working on a web application + API that uses OAuth2 implicit flow and Bearer tokens. It occurred to me that when the API responds with a 401 request, a useful addition would be that the API also informs the user of the OAuth2 authentication endpoint to redirect the user to. It makes sense to me to do this via an HTTP Link header. A response could look as follows:

    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Bearer
    Link: <https://auth.example.org/authenticate>; rel="oauth2-authenticate"

The reason I'm emailing is because I wanted to gauge whether this is interesting, or if there are problems with this approach. If it is interesting, I would like to take a stab at writing an IETF draft for this.

Cheers,
Evert

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
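
An added example, not part of the original message: a client-side sketch of consuming the proposed header, which parses the Link value in RFC 8288 syntax and only accepts the advertised endpoint if it is HTTPS and on an allow-list the client already holds. The function names, the lowercase header map and the TRUSTED_AUTH_ORIGINS list are assumptions made for illustration; only the rel name and the example URL come from the message.

```javascript
// Added example. The rel name is from the proposal; everything else is hypothetical.
const AUTH_REL = "oauth2-authenticate";
// Assumed client configuration: origins the client is willing to send users to.
const TRUSTED_AUTH_ORIGINS = new Set(["https://auth.example.org"]);

// Parse an RFC 8288 Link header value into [{ uri, params }].
function parseLinkHeader(value) {
  const links = [];
  const linkRe = /<([^>]*)>((?:\s*;\s*[^;,="\s]+(?:\s*=\s*(?:"[^"]*"|[^;,"\s]*))?)*)/g;
  const paramRe = /;\s*([^;,="\s]+)(?:\s*=\s*(?:"([^"]*)"|([^;,"\s]*)))?/g;
  let m;
  while ((m = linkRe.exec(value)) !== null) {
    const params = Object.create(null);
    let p;
    while ((p = paramRe.exec(m[2])) !== null) {
      const name = p[1].toLowerCase();
      // RFC 8288: only the first occurrence of a parameter is used.
      if (!(name in params)) params[name] = p[2] !== undefined ? p[2] : (p[3] || "");
    }
    links.push({ uri: m[1], params });
  }
  return links;
}

// Return the authentication endpoint advertised by a 401 Bearer challenge,
// or null when it is absent or fails the client's own trust checks.
// `headers` is assumed to be a plain object with lowercase header names.
function authEndpointFrom401(status, headers) {
  if (status !== 401) return null;
  const challenge = (headers["www-authenticate"] || "").trim();
  if (!/^bearer\b/i.test(challenge)) return null;
  for (const link of parseLinkHeader(headers["link"] || "")) {
    const rels = (link.params.rel || "").toLowerCase().split(/\s+/);
    if (!rels.includes(AUTH_REL)) continue;
    let url;
    try { url = new URL(link.uri); } catch { continue; } // relative or malformed URI
    // The header is response data: never redirect to it without checking it.
    if (url.protocol !== "https:") continue;
    if (!TRUSTED_AUTH_ORIGINS.has(url.origin)) continue;
    return url.href;
  }
  return null;
}
```
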
