Hi,

I have a question about access_token generation. Would it be possible to use an access_token that is generated as a UUID? It seems reasonable, since UUID is regarded as a safe ID generation algorithm. And in fact such OAuth 2.0 implementations exist. But there is a discrepancy between the OAuth 2.0 spec and the UUID spec around letter case.

RFC 6749 says:

> Unless otherwise noted, all the protocol parameter names and values
> are case sensitive.

> access_token
> REQUIRED. The access token issued by the authorization server.

RFC 4122 says:

> The hexadecimal values "a" through "f" are output as lower case
> characters and are case insensitive on input.

I mean, access_token should be treated as case sensitive but UUID should be treated as case insensitive.
What are your thoughts on that?

Thank you.

--
Open Source Solution Technology Corporation
HAMANO Tsukasa <ham...@osstech.co.jp>
fingerprint = 2285 2111 6D34 3816 3C2E A5B9 16BE D101 6069 BE55
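
The discrepancy raised in this message, as an added example that is not part of the original post: a token store checked once as an opaque case-sensitive string (the RFC 6749 reading) and once by parsing the presented value as a UUID (the RFC 4122 reading). The store and the function names `issue_token`, `lookup_exact` and `lookup_as_uuid` are hypothetical.

```python
import hmac
import uuid

# Hypothetical in-memory store: issued token string -> subject.
ISSUED = {}


def issue_token(subject):
    """Issue a UUID-formatted token; str() emits lower-case hex (RFC 4122 output form)."""
    token = str(uuid.uuid4())
    ISSUED[token] = subject
    return token


def lookup_exact(presented):
    """RFC 6749 reading: the token is an opaque value compared byte for byte."""
    for token, subject in ISSUED.items():
        # Constant-time comparison of the exact strings; case differences fail.
        if hmac.compare_digest(token.encode(), presented.encode()):
            return subject
    return None


def lookup_as_uuid(presented):
    """RFC 4122 reading: parse the input as a UUID, then look up the canonical form."""
    try:
        # uuid.UUID() ignores letter case and also tolerates missing hyphens,
        # surrounding braces and a "urn:uuid:" prefix.
        canonical = str(uuid.UUID(presented))
    except ValueError:
        return None
    return ISSUED.get(canonical)


if __name__ == "__main__":
    tok = issue_token("alice")
    for candidate in (tok, tok.upper(), tok.replace("-", "")):
        print(candidate, lookup_exact(candidate), lookup_as_uuid(candidate))
```

With the exact comparison each issued token has one accepted spelling; with the UUID parse several distinct strings map to the same token, so the two validators disagree on the same input.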