I have tried to accommodate both the use cases and concerns raised. The new text allows the registration of composite response types in which the order of the space-delimited values does not matter. However, every combination must be registered in order to avoid developers guessing what an unregistered combination might mean.
Feedback requested.

EHL

---

8.4. Defining New Authorization Endpoint Response Types

New response types for use with the authorization endpoint are defined and registered in the authorization endpoint response type registry following the procedure in Section 11.3. Response type names MUST conform to the response-type ABNF.

    response-type = response-name *( SP response-name )
    response-name = 1*response-char
    response-char = "_" / DIGIT / ALPHA

The space character (%x20) is reserved for defining composite response types. Each composite response type MUST be registered, even if each of its components is individually registered. The order of components in a composite response type does not matter. The meaning of unregistered composite response types made up of individually registered values is undefined.

For example, the response type "token code" is left undefined by this specification. However, an extension can define and register the "token code" response type. Once registered, the same combination cannot be registered as "code token", but both values can be used to make an authorization request, and refer to the same response type.

Also, change the definition of response_type in section 3.1.1:

response_type
    REQUIRED. The value MUST be one of "code" for requesting an authorization code as described by Section 4.1.1, "token" for requesting an access token (implicit grant) as described by Section 4.2.1, or a registered extension value as described by Section 8.4. A value containing one or more space characters (%x20) identifies a composite response type in which the order of the space-delimited sub-values does not matter.
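As an added illustration of the proposed rule (not part of this message or of the draft), here is a Python validator that parses a response_type value against the response-type ABNF above and looks it up in a registry keyed by the unordered set of components, so that "code token" and "token code" resolve to the same entry while any unregistered combination is rejected rather than interpreted. The registry contents, including the "code token" extension entry, are constructed for the example.

```python
import re
from typing import Dict, FrozenSet, Optional

# response-name = 1*response-char ; response-char = "_" / DIGIT / ALPHA
_RESPONSE_NAME = re.compile(r"[A-Za-z0-9_]+")

# Constructed registry (example only): the two values defined by the draft plus
# one hypothetical registered composite. Keys are frozensets so that the order
# of the space-delimited components does not matter, as Section 8.4 proposes.
REGISTRY: Dict[FrozenSet[str], str] = {
    frozenset({"code"}): "authorization code grant (Section 4.1.1)",
    frozenset({"token"}): "implicit grant (Section 4.2.1)",
    frozenset({"code", "token"}): "hypothetical extension registering 'code token'",
}


def parse_response_type(value: str) -> FrozenSet[str]:
    """Split a response_type parameter per response-type = response-name *( SP response-name ).

    Components are separated by exactly one SP (%x20); each must match response-name.
    Duplicate components are rejected (an assumption of this example: the ABNF permits
    them syntactically, but they cannot name a distinct registered type).
    Raises ValueError on malformed input instead of guessing a meaning.
    """
    if value == "" or value.startswith(" ") or value.endswith(" ") or "  " in value:
        raise ValueError("response_type must be response-name *( SP response-name )")
    names = value.split(" ")
    for name in names:
        if not _RESPONSE_NAME.fullmatch(name):
            raise ValueError(f"invalid response-name: {name!r}")
    if len(set(names)) != len(names):
        raise ValueError("duplicate component in composite response type")
    return frozenset(names)


def is_well_formed(value: str) -> bool:
    """True when the value conforms to the ABNF (registration status not considered)."""
    try:
        parse_response_type(value)
    except ValueError:
        return False
    return True


def resolve_response_type(value: str, registry: Dict[FrozenSet[str], str] = REGISTRY) -> Optional[str]:
    """Return the registered meaning, or None when the (composite) value is unregistered.

    An unregistered composite of individually registered values is undefined by the
    proposed text, so an authorization server should refuse it (None here) rather than
    infer what the developer intended.
    """
    return registry.get(parse_response_type(value))
```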
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth