Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification draft -06
Ian McKellar <ian@mckellar.org> Sun, 10 July 2011 20:16 UTC
From: Ian McKellar <ian@mckellar.org>
Date: Sun, 10 Jul 2011 16:15:59 -0400
Message-ID: <CAKMDUCY3VsXxoc8wH2zUWA9wJaje5V6-VKpvY=6gbD2tn27G5g@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification draft -06

Hi,

I'm reading through draft 6 of the bearer token spec and had a
question about one of the examples. In section 2.4 there's an error
response example when an expired token is used:

    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Bearer realm="example"
                      error="invalid_token",
                      error_description="The access token expired"

I think there should be a comma after realm="example"

Also, I wasn't sure about spaces in the error_description. I'm digging
through related linked specs to try to work out what a quoted-string
should actually look like. Are spaces allowed? Should characters be
backslash-quoted or percent-quoted?

Ian

On Wed, Jun 22, 2011 at 8:53 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> I’ve published draft 06 of the OAuth Bearer Token Specification. It
> contains the following changes:
>
> · Changed parameter name bearer_token to access_token, per working
> group consensus.
>
> · Changed HTTP status code for invalid_request error code from HTTP
> 401 (Unauthorized) back to HTTP 400 (Bad Request), per input from HTTP
> working group experts.
>
> It doesn’t change the use of 403 (Forbidden) to (401) Unauthorized as had
> been discussed as a possibility, also due to input from the same HTTP
> working group experts.
>
> I believe that this addresses all the bearer token specification issues
> arising from the interim working group meeting and working group discussions
> since then.
>
> The draft is available at these locations:
>
> · http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.pdf
>
> · http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.txt
>
> · http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.xml
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.html
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.pdf
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.txt
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.xml
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html (will
> point to new versions as they are posted)
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf (will
> point to new versions as they are posted)
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt (will
> point to new versions as they are posted)
>
> · http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml (will
> point to new versions as they are posted)
>
> · http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion
> repository, with html, pdf, txt, and html versions available)
>
> -- Mike
--
Ian McKellar <http://ian.mckellar.org/>
ian@mckellar.org: email | jabber | msn
ianloic: flickr | aim | yahoo | skype | linkedin | etc.
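
The header-syntax question raised in this message, as an added example that is not part of the original e-mail or of the draft: a small parser for one WWW-Authenticate challenge. It assumes the RFC 2617 challenge grammar (comma-separated auth-params) and the RFC 2616 quoted-string rule (spaces allowed, special characters escaped with a backslash quoted-pair); the function names and the two variant inputs are constructed for illustration.

```python
import re

# Assumed grammar: RFC 2616 token and quoted-string, RFC 2617 auth-param.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'          # qdtext or backslash quoted-pair
PARAM = re.compile(rf"({TOKEN})[ \t]*=[ \t]*({TOKEN}|{QUOTED})")
SEP = re.compile(r"[ \t\r\n]*(,[ \t\r\n,]*)?")  # optional whitespace, then comma(s)


def unquote(value):
    """Strip the surrounding quotes and undo backslash quoted-pairs."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_challenge(header_value):
    """Return (scheme, params, problems) for one WWW-Authenticate challenge."""
    scheme, _, rest = header_value.strip().partition(" ")
    rest = rest.strip()
    params, problems, pos = {}, [], 0
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if not m:
            problems.append(f"unparseable text at offset {pos}: {rest[pos:pos + 20]!r}")
            break
        params[m.group(1).lower()] = unquote(m.group(2))
        sep = SEP.match(rest, m.end())
        pos = sep.end()
        # Another auth-param follows but no comma separated it from this one.
        if pos < len(rest) and sep.group(1) is None:
            problems.append(f"missing comma after {m.group(1)}")
    return scheme, params, problems


# Header value as quoted in the message above (folded lines joined with newlines).
AS_PUBLISHED = ('Bearer realm="example"\n'
                '  error="invalid_token",\n'
                '  error_description="The access token expired"')
# Constructed variants: comma added, and a description containing an escaped quote.
WITH_COMMA = AS_PUBLISHED.replace('"example"', '"example",')
ESCAPED = 'Bearer error_description="token \\"abc\\" expired"'

if __name__ == "__main__":
    for sample in (AS_PUBLISHED, WITH_COMMA, ESCAPED):
        print(parse_challenge(sample))
```
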