I tend to agree. Check the archives, there are recent discussions on this subject. The exact format of the Authorization header is still debated, including the scheme.
Marius On Tue, Dec 14, 2010 at 1:52 PM, Jitesh Bhate <jbh...@exacttarget.com> wrote: > While Integrating our Apis WITH CoTweet library > > We found that OAuth 2.0 has changed (from oauth 1.0) the way Oauth token is > passed in authorization header. > > > > OAuth 2.0 does not > > require the oauth_token= while passing in authorization header > > http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1.1 > > > > > > shouldn’t following request 1) is more easy to parse as key value pairs than > 2) ??? > > > > 1) > > GET /resource HTTP/1.1 > > Host: server.example.com > > Authorization: OAuth oauth_token=vF9dft4qmT > > > > 2) > > GET /resource HTTP/1.1 > > Host: server.example.com > > Authorization: OAuth vF9dft4qmT > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
