Having examined the draft on GitHub, it looks to me like the document should be much more specific about the character encoding of parameters that require internationalization. These include username, password, and realm. I see a UTF-8 reference in the footnotes, but it isn't used anywhere in the draft.
RFC2617 really drops the ball on this, so we need to be careful when we reference it. Since this data needs to be passed over HTTP request lines and headers, it needs to be ASCII. That suggests specifying something like the text below for parameters requiring internationalization:

> The username/password/realm/etc parameter is a character normalized UTF-8
> string encoded as Modified Base64 for URLs.

--
Robert Sayre

"I would have written a shorter letter, but I did not have the time."
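
An added example, not part of the original message: one reading of the proposed wording in Python, showing why normalization has to happen before encoding if two spellings of the same username are to compare equal on the wire. It assumes NFC as the normalization form and the unpadded URL-safe Base64 alphabet, neither of which the message specifies; `encode_param` and `decode_param` are hypothetical names.

```python
import base64
import re
import unicodedata

# Assumption: "character normalized" is read as Unicode NFC.
NORMAL_FORM = "NFC"
# Assumption: "Modified Base64 for URLs" is read as the URL-safe alphabet
# ('-' and '_' instead of '+' and '/') with '=' padding omitted.
WIRE_ALPHABET = re.compile(r"[A-Za-z0-9_-]*")


def encode_param(value: str) -> str:
    """Normalize, UTF-8 encode, then Base64-encode for use in a header."""
    normalized = unicodedata.normalize(NORMAL_FORM, value)
    raw = normalized.encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_param(wire: str) -> str:
    """Strictly reverse encode_param; raises ValueError on malformed input."""
    # urlsafe_b64decode silently drops foreign characters, so check first.
    if not WIRE_ALPHABET.fullmatch(wire):
        raise ValueError("character outside the URL-safe Base64 alphabet")
    padded = wire + "=" * (-len(wire) % 4)
    raw = base64.urlsafe_b64decode(padded)   # binascii.Error is a ValueError
    text = raw.decode("utf-8")               # UnicodeDecodeError is a ValueError
    # Design choice in this sketch: reject rather than silently re-normalize,
    # so a sender that skipped normalization is noticed.
    if unicodedata.normalize(NORMAL_FORM, text) != text:
        raise ValueError("decoded value is not in normalized form")
    return text


if __name__ == "__main__":
    # Constructed sample values: the same name typed two ways.
    composed = "jos\u00e9"      # 'é' as one code point
    decomposed = "jose\u0301"   # 'e' followed by a combining acute accent
    print(encode_param(composed), encode_param(decomposed))
    print(encode_param(">>>"))  # exercises the URL-safe '-' character
    print(decode_param(encode_param(decomposed)) == composed)
```

Without the normalization step the two spellings produce different bytes, so a server comparing or hashing the decoded username or password would treat them as different credentials.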