Currently OAuth 2 uses application/json as its main mimetype for JSON
responses.

This has at least two drawbacks:

 1. Content-negotiation is a good way to version/alter behavior of
    endpoints/introduce extensions or modifications.
 2. In systems that use Web Linking, it's harder to use a generic link
    relationship to point to an OAuth2 endpoint.

I would like to define links in my system to point to endpoints where
users may log in (to the authorize endpoint), or log out (the revoke
endpoint).

In an ideal world, I would do this with a link such as:

Link: <https://auth-server.example>; rel="authenticate"; type="application/oauth21+json"

This allows a client to figure out, in a generic manner, both what the
endpoints are and what protocol is supported.

Is there a chance that a new mimetype could be registered for OAuth 2.1?
I believe this can be done in a manner that's backwards compatible
with OAuth 2, by requiring clients and servers to support
'application/json'. For instance, a server can respond with
'application/json' if it received 'application/oauth21+json' in
neither a Content-Type nor an Accept request header.

Evert

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
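
The fallback rule proposed in the message above, sketched as an added example (not part of the original message or of any OAuth specification). 'application/oauth21+json' is only the type proposed in the message, not a registered media type, and the function names are hypothetical. Only an explicit mention of the new type opts a client in, so a legacy client sending 'Accept: */*' still gets 'application/json'.

```python
# Assumption: the media type below is the one proposed in the message,
# not a registered type. All function names are hypothetical.
OAUTH21_JSON = "application/oauth21+json"
LEGACY_JSON = "application/json"


def parse_media_ranges(header_value):
    """Return [(media_type, q)] for an Accept or Content-Type header value."""
    ranges = []
    for item in (header_value or "").split(","):
        parts = [p.strip() for p in item.split(";")]
        media_type = parts[0].lower()  # media types are case-insensitive
        if not media_type:
            continue
        q = 1.0
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value.strip())
                except ValueError:
                    q = 0.0  # malformed weight: treat as not acceptable
        ranges.append((media_type, q))
    return ranges


def client_opted_in(headers):
    """True if Accept (with q > 0) or Content-Type names the new type."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("accept", "content-type"):
        for media_type, q in parse_media_ranges(lowered.get(name)):
            # Wildcards such as */* or application/* deliberately do not
            # count: existing OAuth 2 clients send them and expect JSON.
            if media_type == OAUTH21_JSON and q > 0:
                return True
    return False


def response_content_type(headers):
    """Pick the response type; 'application/json' is the default."""
    return OAUTH21_JSON if client_opted_in(headers) else LEGACY_JSON
```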
