Hey everyone,

http://tools.ietf.org/html/rfc6749#section-7 provides examples of MAC and Bearer tokens being supplied when accessing a protected resource. It also mentions that it is up to each type of token to define additional parameters. However, it is not quite clear whether there exists a recommended/intended way of differentiating the token type of any particular request, as the token_type parameter is not supplied.

Consider a bearer token supplied as the access_token query component. Then I invent and register Bearer+, which in addition has the plus query component. Then later Super Bearer is created with the additional super query component. The only way to differentiate would be to inspect present parameters and make an educated guess.

Am I missing something obvious?

Thanks,
Ib
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
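An added illustration of the guesswork described in the message above; it is not part of the original post or of any OAuth specification. Bearer+ and Super Bearer are the post's hypothetical types, and the registry, function names, hosts and token values are assumptions made up for the example, which also contrasts the query form with an Authorization header, where the scheme name is stated.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical registry built from the post: each token type is known only by
# the query components it adds on top of access_token.
TOKEN_TYPES = {
    "Bearer": set(),
    "Bearer+": {"plus"},          # invented in the post
    "Super Bearer": {"super"},    # invented in the post
}


def candidate_token_types(url):
    """Return every registered type whose extra parameters are all present."""
    params = set(parse_qs(urlsplit(url).query, keep_blank_values=True))
    if "access_token" not in params:
        return []
    return sorted(name for name, extra in TOKEN_TYPES.items() if extra <= params)


def guess_token_type(url):
    """Educated guess: prefer the candidate that explains the most parameters."""
    candidates = candidate_token_types(url)
    if not candidates:
        return None
    return max(candidates, key=lambda name: len(TOKEN_TYPES[name]))


def explicit_scheme(authorization_header):
    """In the Authorization header the first word is the auth scheme itself."""
    scheme, _, _ = authorization_header.strip().partition(" ")
    return scheme or None


# Constructed sample requests (hosts, paths and token values are made up).
SAMPLES = [
    "https://rs.example/photos?access_token=abc",
    "https://rs.example/photos?access_token=abc&plus=1",
    "https://rs.example/photos?access_token=abc&super=1",
    # A plain Bearer request to an API that has its own "plus" parameter.
    "https://rs.example/search?access_token=abc&plus=include-archived",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(guess_token_type(url), candidate_token_types(url), url)
    print(explicit_scheme("Bearer abc"))
```

The last sample is the failure case: a plain Bearer request whose API happens to use a `plus` parameter is guessed as Bearer+, because parameter presence is the only signal available in the query form.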