[OAUTH-WG] OAuth 2.0 Bearer Token specification draft -01

2010-12-01 Thread Mike Jones
Draft -01 of the OAuth 2.0 Bearer Token specification is now available. This version is intended to accompany OAuth 2.0 draft -11. This draft is based upon the September 3rd preliminary OAuth 2.0 draft by Eran Hammer-Lahav, with

[OAUTH-WG] I-D Action:draft-ietf-oauth-v2-bearer-01.txt

2010-12-01 Thread Internet-Drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Open Authentication Protocol Working Group of the IETF. Title : The OAuth 2.0 Protocol: Bearer Tokens Author(s) : M. Jones, et al. Filename

[OAUTH-WG] I-D Action:draft-ietf-oauth-v2-bearer-00.txt

2010-12-01 Thread Internet-Drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Open Authentication Protocol Working Group of the IETF. Title : The OAuth 2.0 Protocol: Bearer Tokens Author(s) : M. Jones, et al. Filename

Re: [OAUTH-WG] Comment on 'application/x-www-form-urlencoded' for URI parameters

2010-12-01 Thread Eran Hammer-Lahav
The latest reference is: http://www.w3.org/TR/html5/association-of-controls-and-forms.html#application-x-www-form-urlencoded-encoding-algorithm But that's still a draft. EHL > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Subbu Allamara

[OAUTH-WG] Comment on 'application/x-www-form-urlencoded' for URI parameters

2010-12-01 Thread Subbu Allamaraju
Here is some feedback on the use of the 'application/x-www-form-urlencoded' media type in the latest drafts (10 or 11). The draft refers to the 'application/x-www-form-urlencoded' media type for encoding parameters into the query component of URIs. For instance, see 4.1 in draft 11 has "In ord

Re: [OAUTH-WG] Requesting mutliple scope, but user authorizes not all

2010-12-01 Thread Justin Richer
Just as a matter of clarification about the downscope language in the spec: The downscoping capability here is intended mostly for getting special-use tokens, for things like redelegation to other apps. So say I grant access to AppA with scope "read write", and AppA gets a refresh and access token

Re: [OAUTH-WG] Requesting mutliple scope, but user authorizes not all

2010-12-01 Thread David Primmer
As Eran pointed out, the way you've formatted your scope request, you've only specified one scope and I'd guess to keep things simple and consistent can either be approved or denied. I don't have a spec reference about what happens when the user doesn't approve but I assume the response is sent to