I would vote for consistency with 6749 - string tokenizing doesn't seem
like a big deal, esp. since clients are going to have to deal with it when
scopes are returned from the token endpoint. It was raised here when I
realized that we would have to give clients two types of guidance when
dealing with scopes in the introspection response and 6749 endpoints.
If the thinking is that 6749 got it wrong (didn't use JSON syntax
appropriately), and this is getting it right, that's fine. I'm more
interested in knowing if the community thinks it's going to change.
Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainh...@us.ibm.com
From: Justin Richer <jric...@mitre.org>
To: Todd W Lainhart/Lexington/IBM@IBMUS,
Cc: IETF oauth WG <oauth@ietf.org>
Date: 01/30/2013 05:29 PM
Subject: Re: [OAUTH-WG] draft-richer-oauth-introspection-01 scope
syntax
It's not meant to follow the same syntax. Instead, it's making use of the
JSON object structure to avoid additional parsing of the values on the
client side.
We could fairly easily define it as the same space-delimited string if
enough people want to keep the scope format consistent.
-- Justin
On 01/30/2013 05:27 PM, Todd W Lainhart wrote:
That the scope syntax in draft-richer-oauth-introspection-01 is different
than RFC 6749 Section 3.3, as in:
"scope": ["read", "write", "dolphin"],
vs.
scope = scope-token *( SP scope-token )
scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
Should introspection-01 follow the 6749 syntax for scopes?
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
