Re: [OAUTH-WG] Bearer token credentials syntax

"Manger, James H" <James.H.Manger@team.telstra.com> Sat, 24 September 2011 15:01 UTC

-1

   credentials = "Bearer" 1*SP b64token
would make sense.

   credentials = "Bearer" 1*SP ( b64token / #auth-param )
does not make sense as the spec doesn't define a way to carry the bearer token in the #auth-param choice.


--
James Manger

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Saturday, 24 September 2011 12:00 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Bearer token credentials syntax

James Manger and others pointed out that the current credentials syntax does not comply with RFC 2617, nor does it match the updated credentials syntax contained in HTTPbis, part 7: Authentication<http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-16>.  The current syntax in the bearer token draft<http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08> is:
   credentials     = "Bearer" RWS access-token
   access-token    = 1*( quoted-char / <"> )

   quoted-char     = ALPHA / DIGIT /
                     "!" / "#" / "$" / "%" / "&" / "'" / "(" / ")" /
                     "*" / "+" / "-" / "." / "/" / ":" / "<" / "=" /
                     ">" / "?" / "@" / "[" / "]" / "^" / "_" / "`" /
                     "{" / "|" / "}" / "~" / "\" / "," / ";"

The syntax in HTTPbis is:
    credentials = auth-scheme [ 1*SP ( b64token / #auth-param ) ]

(Note that some of the BNF elements used by part 7 are defined in HTTPbis, part 1: Messaging<http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-16>.)

To resolve this comment, I plan to change the Bearer Token draft to use this syntax for credentials, matching HTTPbis:
   credentials = "Bearer" 1*SP ( b64token / #auth-param )

Are people good with this approach?

                                                                Thanks,
                                                                -- Mike
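
An added illustration, not part of either message: a Python classifier that compares the draft-08 `access-token` grammar quoted above with the two alternatives of the proposed HTTPbis-style credentials syntax. The `b64token` and `auth-param` patterns are assumptions taken from the HTTPbis drafts the thread links to (the `#auth-param` list is simplified), and all header values are constructed.

```python
import re

# b64token per HTTPbis part 7 (assumed from the linked draft, not quoted in the thread)
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
# access-token per draft-ietf-oauth-v2-bearer-08, as quoted in the thread
DRAFT08 = re.compile(r"""[A-Za-z0-9!"#$%&'()*+\-./:<=>?@\[\]^_`{|}~\\,;]+""")
# auth-param = token "=" ( token / quoted-string ); the #list is simplified to a
# comma-separated sequence with no empty elements (assumption)
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
PARAM = TOKEN + r"[ \t]*=[ \t]*(?:" + TOKEN + "|" + QUOTED + ")"
AUTH_PARAMS = re.compile(PARAM + r"(?:[ \t]*,[ \t]*" + PARAM + ")*")


def classify(header_value):
    """Say which grammar the credentials after "Bearer" 1*SP satisfy."""
    m = re.fullmatch(r"Bearer +(.*)", header_value, re.IGNORECASE)
    if not m:
        return "not-bearer"
    rest = m.group(1)
    if B64TOKEN.fullmatch(rest):
        return "b64token"
    if AUTH_PARAMS.fullmatch(rest):
        # Syntactically valid, but no parameter is defined to hold the token.
        return "auth-param"
    if DRAFT08.fullmatch(rest):
        return "draft08-only"
    return "invalid"


def bearer_token(header_value):
    """Strict form: return the token only for "Bearer" 1*SP b64token."""
    if classify(header_value) != "b64token":
        return None
    return header_value.split(None, 1)[1]


# Constructed Authorization header values, not taken from the thread.
SAMPLES = [
    "Bearer vF9dft4qmT",          # plain token
    "Bearer dGVzdA==",            # base64 with padding
    "Bearer a=b",                 # draft-08 token, but reads as an auth-param
    'Bearer token="vF9dft4qmT"',  # auth-param form, parameter name is made up
    "Bearer a,b;c",               # legal only under the draft-08 grammar
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} {classify(sample):13} {bearer_token(sample)!r}")
```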