On 2011-09-26 21:20, William Mills wrote:
I'm gonna top reply...
>> Is that intended and acceptable?
No, b64token isn’t always there; the syntax specifies that either a
b64token OR one or more auth-params will be present. Yes, that’s intended.
If the token can be transported in auth-params then I think you must
define how that will happen. It's too loose otherwise. Go with this
obvious and say if auth-parames are used then there must be a token=
parameter that carries the token. That way you are always guaranteed the
token is present in the protocol.
...
+1
In which case the syntax can get rid of the b64token special case
altogether.
Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
