On 2011-05-19 11:14, Kris Selden wrote:
Well, like it or not, the default for HTTP header fields is not UTF-8.

Encoding in HTTP header fields is not the topic, error_description is already 
encoded into a URI before it is in the Location field.

There are 3 spots where error_description appears:
http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.1.2.1
http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.2.2.1
http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-5.2

In sections 4.1.2.1 and 4.2.2.1 the issue is about character encoding before 
application/x-www-form-urlencoded encoding (after that it is ASCII only). In 
section 4.2.2.1, the parameter is encoded in the fragment component which is 
only visible on the client side, and likely to be read by a script in 
JavaScript (which is Unicode only).

In section 5.2 the response type is JSON which already deals with character 
encoding (http://tools.ietf.org/html/rfc4627#section-3) and is Unicode only.  
So there isn't anything to solve for error_description in section 5.2, except 
maybe to reference section 3 of rfc4627.
...

My comments applied to the proposal of returning error_description in the WWW-Authenticate header field (see <http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-04#section-2.4.1>).

Best regards, Julian
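
The fragment case discussed above (section 4.2.2.1), as an added example that is not part of the original messages: the same error_description percent-encoded from UTF-8 bytes and from ISO-8859-1 bytes, then read back by a client script. The function names, the redirect URI and the sample text are constructed for illustration, and Node.js (for `Buffer`) is assumed.

```javascript
// Server side (simulated): percent-encode the bytes of `text` in the given
// charset, application/x-www-form-urlencoded style. The charset chosen here
// is exactly what the draft leaves unspecified.
function formEncode(text, charset) {
  const bytes = Buffer.from(text, charset); // 'utf8' or 'latin1'
  let out = '';
  for (const b of bytes) {
    const ch = String.fromCharCode(b);
    if (/[A-Za-z0-9*\-._]/.test(ch)) out += ch;   // unreserved: copy as-is
    else if (b === 0x20) out += '+';               // space becomes '+'
    else out += '%' + b.toString(16).toUpperCase().padStart(2, '0');
  }
  return out;
}

// Client side: pull error_description out of the fragment of the redirect URI.
// decodeURIComponent only accepts percent-encoded UTF-8, so any other charset
// surfaces as a URIError; report that instead of showing garbage to the user.
function readErrorDescription(redirectUri) {
  const hash = redirectUri.indexOf('#');
  if (hash < 0) return { ok: false, reason: 'no fragment' };
  for (const pair of redirectUri.slice(hash + 1).split('&')) {
    const eq = pair.indexOf('=');
    const name = eq < 0 ? pair : pair.slice(0, eq);
    if (name !== 'error_description') continue;
    const raw = (eq < 0 ? '' : pair.slice(eq + 1)).replace(/\+/g, ' ');
    try {
      return { ok: true, value: decodeURIComponent(raw) };
    } catch (e) {
      return { ok: false, reason: 'not valid UTF-8', raw };
    }
  }
  return { ok: false, reason: 'parameter absent' };
}

// Constructed sample input: a French message with two non-ASCII characters.
const SAMPLE_TEXT = 'Acc\u00e8s refus\u00e9';
const SAMPLE_BASE =
  'https://client.example/cb#error=access_denied&error_description=';

console.log(readErrorDescription(SAMPLE_BASE + formEncode(SAMPLE_TEXT, 'utf8')));
console.log(readErrorDescription(SAMPLE_BASE + formEncode(SAMPLE_TEXT, 'latin1')));
```

Both encoded strings are pure ASCII on the wire, so nothing in the URI itself tells the client which charset was used before percent-encoding.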