This seems to include two separate items.

> -----Original Message-----
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Anthony Nadalin
> Sent: Friday, August 12, 2011 8:29 PM
> To: OAuth WG (oauth@ietf.org)
> Subject: [OAUTH-WG] x-www-form-urlencoded
> 
> In the text on the authorization and token endpoints an assumption is made
> that the query component of the URLs will be specified based on
> x-www-form-urlencoded. But in fact that is never explicitly stated. What is
> explicitly stated is that RFC 3986 section 3 has to be used (and then only
> for the authorization endpoint, not the token endpoint). But section 3 just
> defines what characters can be used in a query component, it says nothing
> about x-www-form-urlencoded. Suggest that the specification needs to
> normatively state that we are requiring all authorization endpoints that use
> the query component to do so using x-www-form-urlencoded.

This issue was raised by Yaron and corrected for both endpoints as indicated on 
the other thread. The new text is:

          The endpoint URI MAY include an "application/x-www-form-urlencoded"
          formatted ([W3C.REC-html401-19991224]) query component ([RFC3986]
          section 3.4), which MUST be retained when adding additional query
          parameters. The endpoint URI MUST NOT include a fragment component.

> Where RFC 5552 comes
> into the picture is in cases where the request body is an html form. In that
> case it makes sense to natively encode the form content using UTF-8. So this
> only applies to OAuth requests that use the request body. So this would
> apply to sections 2.4.1, 3.1, 3.2, 4.1.3, 4.3.2 & 4.4.2. Really, anywhere
> that a request can be made in the request body

I have no idea what this is about.

EHL
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
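
The endpoint URI rule in the new text quoted above, as an added example that is not part of the original message or of the specification: a client-side helper that appends parameters as application/x-www-form-urlencoded, keeps the endpoint's existing query component unchanged, and rejects a fragment. The function name `add_query_params`, the sample URIs and the duplicate-name check are assumptions of this example.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def add_query_params(endpoint_uri, params):
    """Append params to endpoint_uri as application/x-www-form-urlencoded.

    Follows the quoted text: an existing query component is retained, and an
    endpoint URI carrying a fragment component is rejected.
    """
    # Test for "#" directly: urlsplit reports an empty fragment
    # ("https://as.example/authorize#") as "", which would slip past a
    # check on parts.fragment.
    if "#" in endpoint_uri:
        raise ValueError("endpoint URI must not include a fragment component")

    parts = urlsplit(endpoint_uri)

    # Extra check chosen for this example (not required by the quoted text):
    # refuse to add a name the endpoint's own query already carries, so the
    # server never sees two conflicting values for one parameter.
    existing = {name for name, _ in parse_qsl(parts.query, keep_blank_values=True)}
    clash = existing.intersection(params)
    if clash:
        raise ValueError(f"already present in endpoint query: {sorted(clash)}")

    # urlencode() uses quote_plus with UTF-8: space -> "+", "&" -> "%26".
    added = urlencode(params)

    # Retain the original query byte-for-byte instead of parsing and
    # re-encoding it, which could silently change "%20" to "+".
    query = f"{parts.query}&{added}" if parts.query else added
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


# Constructed sample values, not taken from the thread.
ENDPOINT = "https://as.example/authorize?tenant=a%20b"
REQUEST = {"response_type": "code", "state": "x y&z"}

if __name__ == "__main__":
    print(add_query_params(ENDPOINT, REQUEST))
```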
