Oh, thanks, that is supposed to be explicitly stated! Yes, it's form parameters.
-- Justin / Sent from my phone / -------- Original message -------- From: Sergey Beryozkin <sberyoz...@gmail.com> Date:12/01/2014 5:57 AM (GMT-05:00) To: oauth@ietf.org Cc: Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-01.txt On 01/12/14 10:56, Sergey Beryozkin wrote: > Hi Justin > > Nicely written text, as usual. > Few comments: > - I haven't found a reference to a data format of POST requests. > I'm presuming it is going to be a form payload (would mean the server > code can write more or less the same code dealing with POST & GET > queries) ? Oops :-), sorry, did not scroll down to the example in the text Thanks, Sergey > - consider directly specifying an optional 'client_ip' property > - consider adding an optional request_method (or request_verb) hint, a > given scope can be restricted to say GET only, can be useful when a > protected resource is written to support GET and POST over the same > resource_id URI; > > The text that the endpoint may support other parameters (such a client > ip address) covers the last 2 parameters, but I guess it would be more > inter-operable to 'promote' the parameters that may be of general use. > > Thanks, Sergey > > > > > On 01/12/14 02:41, internet-dra...@ietf.org wrote: >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Web Authorization Protocol Working >> Group of the IETF. >> >> Title : OAuth 2.0 Token Introspection >> Author : Justin Richer >> Filename : draft-ietf-oauth-introspection-01.txt >> Pages : 10 >> Date : 2014-11-30 >> >> Abstract: >> This specification defines a method for a protected resource to query >> an OAuth 2.0 authorization server to determine the active state of an >> OAuth 2.0 token and to determine meta-information about this token. >> OAuth 2.0 deployments can use this method to convey information about >> the authorization context of the token from the authorization server >> to the protected resource. >> >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/ >> >> There's also a htmlized version available at: >> http://tools.ietf.org/html/draft-ietf-oauth-introspection-01 >> >> A diff from the previous version is available at: >> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-introspection-01 >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
