Re: [OAUTH-WG] Extra "Authorization: Basic" lines in examples

Brian Campbell <bcampbell@pingidentity.com> Tue, 26 July 2011 05:06 UTC

I believe those examples are okay.

The content in the post body is the grant while the HTTP Basic
Authorization header is the client authentication. They are two
different things.

On Mon, Jul 25, 2011 at 10:27 PM, Mike Jones
<Michael.Jones@microsoft.com> wrote:
> In sections 4.1.3, 4.3.2, 4.4.2, and 6 of draft -20, the examples contain
> both the line “Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW” and
> credentials in the post body.  For instance, the example from 4.3.2 is:
>
>      POST /token HTTP/1.1
>      Host: server.example.com
>      Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
>      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
>
>      grant_type=password&username=johndoe&password=A3ddj3w
>
> I believe that the “Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW” line
> should be deleted from all of these examples, as you either use Basic or
> credentials in the post body, but not both.
>
> Thanks,
> -- Mike
>