Re: [OAUTH-WG] OAuth 2.0 Bearer Token specification draft -01

2010-12-05 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Manger, James H > Sent: Thursday, December 02, 2010 7:59 PM > > What does scheme=basic mean [in a token response]? > > It means this token response contains credentials that can be used wi

Re: [OAUTH-WG] Bikeshedding poll: 'attributes' parameter vs. attributes parameters

2010-12-05 Thread Eran Hammer-Lahav
> -Original Message- > From: Mike Jones [mailto:michael.jo...@microsoft.com] > Sent: Friday, December 03, 2010 5:19 PM > To: Eran Hammer-Lahav; OAuth WG > Subject: RE: Bikeshedding poll: 'attributes' parameter vs. attributes > parameters > > To understand your thinking a little more, Era

Re: [OAUTH-WG] Client Password Credentials

2010-12-05 Thread Eran Hammer-Lahav
The argument was, since these are basic credentials, they should be used in the native HTTP method using the header. But since that is not as simple as a pair of parameters, we ended up with both. The easy way and the right way. From implementing it, my experience has been that it can be hard t

Re: [OAUTH-WG] OAuth 2.0 Bearer Token specification draft -01

2010-12-05 Thread Eran Hammer-Lahav
This is not how most HTTP authentication frameworks work (that was the conclusion from my HTTP Token scheme proposal a year ago). Most frameworks rather switch on the scheme name, not on a parameter inside the header. EHL -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-bou

Re: [OAUTH-WG] OAuth 2.0 Bearer Token specification draft -01

2010-12-05 Thread Eran Hammer-Lahav
Token type is as simple as informing the client how to use the token issued. If you tell it 'bearer' it means 'present it as is without having to do anything else'. If you tell it 'mac' it means 'construct a very specific signature base string and hmac it with the provided secret'. For JWT it me

Re: [OAUTH-WG] OAuth 2.0 Bearer Token specification draft -01

2010-12-05 Thread Manger, James H
Marius, > How about: > - keeping the scheme "OAuth2", for both WWW-Authenticate and Authorization > - define both as name/value pairs (WWW-Authenticate is already) > - require that one of the pairs be "type=" > > For example: > WWW-Authenticate: OAuth2 type=bearer > Authorization: OAuth2 token=vF9