XML Encoding for OAuth 2The MITRE Corporationjricher@mitre.orgThis document describes a method of translating JSON structured
values to XML structured values in the context of the OAuth 2
protocol.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.The OAuth 2 Protocol makes
use of JSON encoding for its structured
return values, as defined by section 4.2 of the OAuth specification.
JSON encoding is not always desirable, particularly when OAuth is being
used as part of an XML
stream. This extension describes a method for the token endpoint to
encode its return values as XML documents as opposed to JSON objects.
To select XML encoding, the client sends the following OPTIONAL
parameterOPTIONAL. The format parameter
specifies the client's desired format for responses from the token
endpoint. Valid values are "json" and "xml". If omitted, the
parameter value defaults to "json". The server SHALL respond to a valid access grant containing an
XML format request with an HTTP 200 response and content type of application/xml.This section defines encodings for different parts of the JSON data
model in XML equivalents. JSON objects SHALL be encoded by using XML Elements. The object
itself SHALL be represented by the root elment of an XML subtree. All
members of the object SHALL be represented by sub-elements of the root
element. The key of the member pair SHALL be the node name of the XML
Element, and the value of the member pair SHALL be encoded as the
content of the XML Element. The root element of the overall JSON
objectThe token endpoint SHALL use the root element with a node name
oauth to represent the anonymous root JSON
object specified in the OAuth specification.All elements MAY have an OPTIONAL "type" attribute, which has a
valid value of "object", "string", "number", or "array". Strings and numbers SHALL be encoded as CDATA within their
enclosing element. These values MUST be properly escaped XML CDATA,
and MAY be represented using the <[CDATA[ ... ]]> encoding. Arrays SHALL be represented using repeated, sibling XML Element
nodes (nodes with the same node name). The order of the array is
encoded using document order of the array elements. Note that there is
no viable distinction between a single-element list and a raw value
using this encoding.This extension does not define a required namespace for the OAuth
XML encoding.Below are examples of encoding different OAuth JSON objects with
XML.Extensions to the OAuth protocol could make use of JSON's
extensible data representation capabilities, including both objects
and arrays. Using the encoding rules
recursively, one can represent the same structures in XML.This document makes no request of IANA.There are no additional security considerations.