Janak, thanks for the clarification. A constraint of the OAuth 2.1 draft is that it adds no new features beyond what has already been standardised and deployed.
While I am a fan of JSON, supporting both application/x-www-form-urlencoded and application/json will negatively impact interoperability and add complexity as the content type will need to be negotiated. If it is any consolation, GNAP is starting off with application/json. /Dick ᐧ On Tue, Oct 6, 2020 at 11:10 PM Janak Amarasena <janakama...@gmail.com> wrote: > Hi Aaron, > > Let me clarify a bit. What I meant was the spec does not make it mandatory > to use x-www-form-urlencoded I am stating this as I did not see any > clause with the word "MUST" with regard to this. And also what I was > asking was not to change using x-www-form-urlencoded to json. More like > about the possibility of adding an example of how the parameters should be > used if the request is sent in JSON format like shown in Justin's draft. > This will in turn imply JSON formatted requests are also acceptable and to > anyone who wants to support this media type has guidance. > > Best Regards, > Janak Amarasena > > On Tue, Oct 6, 2020 at 8:40 PM Aaron Parecki <aa...@parecki.com> wrote: > >> The spec does clearly require form-encoded POST requests to the token >> endpoint, it's not just an implication. The requests made include simple >> key/value pairs so there's nothing really gained by making this a JSON >> post. Changing that at this point would be a drastic breaking change to >> pretty much all existing code for very little benefit if any. >> >> That said, Justin Richer did already write up a draft exploring this >> topic, but it hasn't shown much interest in the group yet. >> >> https://www.ietf.org/id/draft-richer-oauth-json-request-00.html >> >> Aaron >> >> >> >> >> >> >> On Tue, Oct 6, 2020 at 7:18 AM Janak Amarasena <janakama...@gmail.com> >> wrote: >> >>> Hi All, >>> >>> As per my understanding OAuth 2(RFC6749) doesn't mandate any specific >>> media type to be used in the access token request. The spec implies >>> application/x-www-form-urlencoded should be used. Since the media type >>> application/json is very popular and widely used now, any thoughts on >>> referencing the use of this as well for access token requests? >>> >>> Best Regards, >>> Janak Amarasena >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >>> >> -- >> --- >> Aaron Parecki >> https://aaronparecki.com >> >> _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
