In his mail, Mike asked whether the code verifier is 
a value that is sendable without transformation 
as an HTTP parameter value, or if it needs to be 
% encoded when it is being sent. 

We have several options here: 

1) Require the code verifier to be a base64url encoded string of a binary 
random value.

2) Let the code verifier be a binary string and require it to be 
either % encoded or base64url encoded when it is sent.
In this case, which encoding should we use?

3) Require the code verifier to conform to the following ABNF:
code_verifier = 16*128unreserved
unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~" 

Which one do you guys prefer? 


Nat Sakimura
Nomura Research Institute, Ltd. 


OAuth mailing list

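An added example, not part of the original message, that puts the three options side by side: it builds a verifier per option 1, percent-encodes a raw binary value per option 2, and checks strings against the option 3 ABNF. The function names, the `pad` switch and the 32-byte length are assumptions made for illustration.

```python
import base64
import re
import secrets
from urllib.parse import quote

# Option 3 grammar as quoted in the message:
#   code_verifier = 16*128unreserved
#   unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
_OPTION3 = re.compile(r"[A-Za-z0-9\-._~]{16,128}")


def conforms_to_option3(value: str) -> bool:
    """True if the whole string matches the ABNF (16 to 128 unreserved chars)."""
    return _OPTION3.fullmatch(value) is not None


def option1_verifier(raw: bytes, pad: bool = False) -> str:
    """Option 1: base64url of a binary random value.

    Dropping the '=' padding is an assumption of this example; the message
    only says "base64url encoded".
    """
    encoded = base64.urlsafe_b64encode(raw)
    if not pad:
        encoded = encoded.rstrip(b"=")
    return encoded.decode("ascii")


def option2_percent_encoded(raw: bytes) -> str:
    """Option 2 with % encoding: every byte outside 'unreserved' becomes %XX."""
    return quote(raw, safe="")


def needs_percent_encoding(value: str) -> bool:
    """True if the value would be altered when sent as an HTTP parameter value."""
    return quote(value, safe="") != value


if __name__ == "__main__":
    raw = secrets.token_bytes(32)  # 32 bytes is an assumed length
    for label, value in (
        ("option 1, unpadded", option1_verifier(raw)),
        ("option 1, padded", option1_verifier(raw, pad=True)),
        ("option 2, % encoded", option2_percent_encoded(raw)),
    ):
        print(f"{label}: option-3 conformant={conforms_to_option3(value)} "
              f"needs %-encoding={needs_percent_encoding(value)} len={len(value)}")
```

Unpadded base64url output uses only characters from `unreserved`, so an option 1 value of suitable length also satisfies option 3 and goes on the wire unchanged; the padded form does not, because `=` is outside that set.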