Hi Aaron, Let me clarify a bit. What I meant was the spec does not make it mandatory to use x-www-form-urlencoded I am stating this as I did not see any clause with the word "MUST" with regard to this. And also what I was asking was not to change using x-www-form-urlencoded to json. More like about the possibility of adding an example of how the parameters should be used if the request is sent in JSON format like shown in Justin's draft. This will in turn imply JSON formatted requests are also acceptable and to anyone who wants to support this media type has guidance.
Best Regards, Janak Amarasena On Tue, Oct 6, 2020 at 8:40 PM Aaron Parecki <aa...@parecki.com> wrote: > The spec does clearly require form-encoded POST requests to the token > endpoint, it's not just an implication. The requests made include simple > key/value pairs so there's nothing really gained by making this a JSON > post. Changing that at this point would be a drastic breaking change to > pretty much all existing code for very little benefit if any. > > That said, Justin Richer did already write up a draft exploring this > topic, but it hasn't shown much interest in the group yet. > > https://www.ietf.org/id/draft-richer-oauth-json-request-00.html > > Aaron > > > > > > > On Tue, Oct 6, 2020 at 7:18 AM Janak Amarasena <janakama...@gmail.com> > wrote: > >> Hi All, >> >> As per my understanding OAuth 2(RFC6749) doesn't mandate any specific >> media type to be used in the access token request. The spec implies >> application/x-www-form-urlencoded should be used. Since the media type >> application/json is very popular and widely used now, any thoughts on >> referencing the use of this as well for access token requests? >> >> Best Regards, >> Janak Amarasena >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > -- > --- > Aaron Parecki > https://aaronparecki.com > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
