Hi all,
We were discussing the possibility to use Oauth2 token on SOAP in our product. The preferred way in mentioned in RFC is of course to put it to HTTP Authorization header, but in this case it will beyond the scope of SOAP stack and I am not sure it shall be the correct way to go. It is also recognized that there is some implementation (such as salesforce) is using some SOAP header (“sessionId”) to put this token, but it looks like a private implementation and I did not find any specification supporting it. Could any experts here illustrate any organization or forum is working on using Oauth2 token for SOAP request? As there are quite some legacy SOAP based web services, hopefully it is a question makes sense for you as well. Thoughts? Grant Yang Architect, SDP of ORACLE Communications
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
