+1 on OAuth2 header, and I also want to see oauth2_token in URI and form parameter methods.
1.0 clients will talk to systems that support both oauth2 and oauth1 simultaneously. Most likely on the same PR endpoints as well. Since the protocols are not backwards compatible, they should be able to coexist. -- Justin On Thu, 2010-07-15 at 01:38 -0400, Brian Eaton wrote: > Draft 10 switched from "Token" scheme in the authorization header to > "OAuth". I'd rather we didn't reuse OAuth. 'OAuth2' would be great. > "Token" is ugly as sin, but is better than "OAuth". > > Spec section: http://tools.ietf.org/html/draft-ietf-oauth-v2-10#page-30 > > The problem with reusing "OAuth" is that there are existing > implementations in the wild that have special behavior implemented for > OAuth authorization headers. Since OAuth2 headers don't have the same > semantics, we're going to break those implementations. We shouldn't > reuse "OAuth" for the same reasons we shouldn't reuse "Negotiate", > "NTLM", "Digest", or "Basic. > > Cheers, > Brian > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
