On 2011-10-28 01:30, Manger, James H wrote:
...
Perhaps a better approach is to: defined<scope>,<error>,<error-desc>, and<error-uri> values
as<quoted-string>; add text saying senders MUST NOT use quoted-string's escape mechanism (so " and \ cannot appear in the
values), though receivers MAY use a standard quoted-string parser; say the<error-uri> value must match<URI-reference>;
say the<scope> value is a list of space-delimited, case sensitive strings.
...
This goes into the right direction.
I would also allow both token and quoted-string, because it seems to be
totally pointless to forbid it.
(I'll send a longer summary about open issues soonish))
Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
