Yes, it covers all the characters legal in URIs. Per earlier discussion on the
list, scopes are not restricted to being URIs, as existing practice includes
scope elements that are not URIs such as "email" "profile", and "openid".
-- Mike
-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Marius Scurtescu
Sent: Wednesday, October 19, 2011 10:24 AM
To: Julian Reschke
Cc: OAuth WG
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed
Resolutions
Marius
On Tue, Oct 18, 2011 at 9:39 AM, Julian Reschke <julian.resc...@gmx.de> wrote:
> On 2011-10-18 17:38, Eran Hammer-Lahav wrote:
>>
>> Space is allowed inside a quoted string and is already not allowed
>> inside each scope string.
>>
>> EHL
>> ...
>
> a) yes.
>
> b) well:
>
> The value of the scope parameter is expressed as a list of space-
> delimited, case sensitive strings. The strings are defined by the
> authorization server. If the value contains multiple
> space-delimited
> strings, their order does not matter, and each string adds an
> additional access range to the requested scope.
>
> That certainly implies that you can't have a space inside a token, but
> it could be clearer.
>
> Optimally, state the character repertoire precisely:
>
> scopetokenchar = %x21 / %x23-5B / %x5D-7E
> ; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
>
> ?
Is this covering all characters allowed in a URI? Why not define scopes as a
list of URIs?
>
> Best regards, Julian
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
