The current spec has the client create a "name='value'" syntax exactly
once, in the Authorization header.  We could eliminate a fair chunk of
client code by removing the name="value" syntax and going with the
approach taken by the Basic, NTLM, and Negotiate schemes:

Authorization: OAuth2 <token>

No more escaping beyond what your HTTP library provides.  Just call
setHeader("OAuth2 " + token), and you're on your merry way.

We are going to need slightly more flexibility once the signature
proposal settles down.  For that, I'd suggest using a different scheme
name.

Authorization: OAuth2Signed <self-describing-signed-token>

Cheers,
Brian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
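
An added example, not part of the original message or of any OAuth draft: building and parsing the proposed "scheme, space, token" header, next to the escaping the name="value" form leaves to the client. The token68 character set (RFC 7235), the function names and the sample token are assumptions made for this sketch.

```python
import re

# Assumption: tokens are limited to the token68 character set of RFC 7235;
# the message does not say which characters a token may contain.
TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
# Scheme names proposed in the message; HTTP matches them case-insensitively.
SCHEMES = {"oauth2": "OAuth2", "oauth2signed": "OAuth2Signed"}


def build_authorization(scheme, token):
    """Client side: scheme, one space, opaque token. No quoting layer."""
    canonical = SCHEMES.get(scheme.lower())
    if canonical is None:
        raise ValueError("unknown scheme")
    if not TOKEN68.fullmatch(token):
        # Rejects spaces, quotes, commas and CR/LF, so a malformed token
        # cannot split the header or add parameters.
        raise ValueError("token contains characters outside token68")
    return canonical + " " + token


def parse_authorization(value):
    """Server side: return (canonical scheme, token) or raise ValueError."""
    scheme, sep, token = value.partition(" ")
    canonical = SCHEMES.get(scheme.lower())
    if not sep or canonical is None:
        raise ValueError("unsupported or malformed Authorization value")
    if not TOKEN68.fullmatch(token):
        raise ValueError("malformed credentials")
    return canonical, token


def quote_param(name, value):
    """The name="value" form, for contrast: the client escapes by hand."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in parameter value")
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return '%s="%s"' % (name, escaped)


if __name__ == "__main__":
    sample = "vF9dft4qmT"  # constructed sample token
    print(build_authorization("OAuth2", sample))
    print(parse_authorization("OAuth2Signed " + sample))
    print(quote_param("token", 'a"b\\c'))
```
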
