The Authorization scheme name in the Authorization header tells you


________________________________
 From: Ib Lundgren <ib.lundg...@gmail.com>
To: oauth@ietf.org 
Sent: Sunday, November 18, 2012 8:57 AM
Subject: [OAUTH-WG] Identifying token type during protected resource access
 

Hey everyone,

http://tools.ietf.org/html/rfc6749#section-7 provides examples of MAC and 
Bearer tokens being supplied when accessing a protected resource. It also 
mentions that it is up to each type of token to define additional parameters. 
However it is not quite clear whether there exists a recommended/intended way 
of differentiating the token type of any particular request as the token_type 
parameter is not supplied.

Consider a bearer token supplied as the access_token query component. Then I 
invent and register Bearer+ which in addition has the plus query component. 
Then later Super Bearer is created with the additional super query component. 
The only way to differentiate would be to inspect present parameters and make 
an educated guess. 

Am I missing something obvious?

Thanks,
Ib



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
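
Added example, not part of the thread or of any RFC text: a Python resource-server helper that takes the token type from the Authorization scheme name, as the reply says, and treats a bare access_token query parameter as Bearer only, since RFC 6750 defines that parameter. The function name, the supported-scheme set and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Schemes this resource server can validate (assumed set for the example).
SUPPORTED_SCHEMES = {"bearer": "Bearer", "mac": "MAC"}


class TokenError(ValueError):
    """The request does not carry exactly one recognisable access token."""


def identify_token(url, headers):
    """Return (token_type, credentials) for a protected-resource request."""
    # Header field names are case-insensitive.
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    query_tokens = query.get("access_token", [])

    if auth is not None:
        if query_tokens:
            # RFC 6750 section 2: only one transmission method per request.
            raise TokenError("token sent in both header and query")
        scheme, _, credentials = auth.strip().partition(" ")
        # Scheme names are compared case-insensitively.
        token_type = SUPPORTED_SCHEMES.get(scheme.lower())
        if token_type is None or not credentials.strip():
            raise TokenError(f"unsupported scheme or empty credentials: {scheme!r}")
        return token_type, credentials.strip()

    if len(query_tokens) == 1 and query_tokens[0]:
        # No scheme name here. RFC 6750 defines access_token for Bearer, so
        # other query parameters (e.g. "plus") are never used to guess a type.
        return "Bearer", query_tokens[0]
    raise TokenError("no access token, or access_token repeated")


# Constructed sample requests (hypothetical host and token values).
SAMPLES = [
    ("https://rs.example/photos", {"Authorization": "Bearer tok-123"}),
    ("https://rs.example/photos", {"authorization": 'MAC id="k1", nonce="1:a", mac="c2ln"'}),
    ("https://rs.example/photos?access_token=tok-123&plus=1", {}),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(identify_token(url, headers))
```

Rejecting a request that carries a token in both places keeps a second, unvalidated credential from riding along with the one the server actually checks.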