Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification draft -06
Mike Jones <Michael.Jones@microsoft.com> Mon, 25 July 2011 16:12 UTC
From: Mike Jones <Michael.Jones@microsoft.com>
To: Ian McKellar <ian@mckellar.org>
Date: Mon, 25 Jul 2011 15:02:43 +0000
Cc: "oauth@ietf.org" <oauth@ietf.org>

You're correct about the missing comma. I'll plan on updating the draft this week.

To your second question, the definition of quoted-string does allow for unquoted whitespace within the quoted string.

-- Mike

-----Original Message-----
From: Ian McKellar [mailto:ian@mckellar.org]
Sent: Sunday, July 10, 2011 1:16 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification draft -06

Hi,

I'm reading through draft 6 of the bearer token spec and had a question about one of the examples. In section 2.4 there's an error response example when an expired token is used:

    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Bearer realm="example"
                      error="invalid_token",
                      error_description="The access token expired"

I think there should be a comma after realm="example"

Also, I wasn't sure about spaces in the error_description. I'm digging through related linked specs to try to work out what a quoted-string should actually look like. Are spaces allowed? Should characters be backslash-quoted or percent-quoted?

Ian

On Wed, Jun 22, 2011 at 8:53 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> I’ve published draft 06 of the OAuth Bearer Token Specification. It
> contains the following changes:
>
> ·  Changed parameter name bearer_token to access_token, per
>    working group consensus.
>
> ·  Changed HTTP status code for invalid_request error code from HTTP
>    401 (Unauthorized) back to HTTP 400 (Bad Request), per input from HTTP
>    working group experts.
>
> It doesn’t change the use of 403 (Forbidden) to (401) Unauthorized as
> had been discussed as a possibility, also due to input from the same
> HTTP working group experts.
>
> I believe that this addresses all the bearer token specification
> issues arising from the interim working group meeting and working
> group discussions since then.
>
> The draft is available at these locations:
>
> ·  http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.pdf
> ·  http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.txt
> ·  http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.xml
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.html
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.pdf
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.txt
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.xml
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html
>    (will point to new versions as they are posted)
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf
>    (will point to new versions as they are posted)
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt
>    (will point to new versions as they are posted)
> ·  http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml
>    (will point to new versions as they are posted)
> ·  http://svn.openid.net/repos/specifications/oauth/2.0/
>    (Subversion repository, with html, pdf, txt, and html versions
>    available)
>
> -- Mike
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

--
Ian McKellar <http://ian.mckellar.org/>
ian@mckellar.org: email | jabber | msn
ianloic: flickr | aim | yahoo | skype | linkedin | etc.
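
Added example, not part of the original thread or of the draft: a strict parser for the `WWW-Authenticate: Bearer` challenge discussed above, assuming the RFC 2616/2617 grammar (comma-separated auth-params, quoted-string values with backslash quoted-pairs). It rejects the section 2.4 example as quoted in the thread and accepts the form with the comma added; the function names and the unfolded sample strings are constructed for illustration.

```python
import re

# Assumed grammar (RFC 2616/2617): auth-param = token "=" ( token | quoted-string )
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# quoted-string: DQUOTE, then qdtext (spaces allowed) or backslash quoted-pair, DQUOTE
QUOTED = r'"(?:[^"\\]|\\.)*"'
PARAM = re.compile(rf"({TOKEN})=({TOKEN}|{QUOTED})")
COMMA = re.compile(r"\s*,\s*")

# Constructed samples: the example from the thread, unfolded onto one line,
# first as quoted (comma missing after realm) and then with the comma added.
DRAFT_06_EXAMPLE = ('Bearer realm="example" error="invalid_token", '
                    'error_description="The access token expired"')
CORRECTED = ('Bearer realm="example", error="invalid_token", '
             'error_description="The access token expired"')


def unquote(value):
    """Strip surrounding quotes and resolve backslash quoted-pairs."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_bearer_challenge(header_value):
    """Parse 'Bearer k=v, k=v' strictly; raise ValueError on bad syntax."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    params, pos, rest = {}, 0, rest.strip()
    while True:
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"expected auth-param at offset {pos}")
        name = m.group(1).lower()
        if name in params:
            raise ValueError(f"duplicate parameter {name!r}")
        params[name] = unquote(m.group(2))
        pos = m.end()
        if pos == len(rest):
            return params
        # Parameters must be separated by a comma (optional whitespace around it).
        sep = COMMA.match(rest, pos)
        if not sep:
            raise ValueError(f"missing comma after {name!r} at offset {pos}")
        pos = sep.end()
```

A lenient parser that splits on whitespace instead would accept both samples, which is how a malformed challenge can go unnoticed until a stricter client meets it.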