gt;> Sent: Thursday, July 01, 2010 2:51 PM
> >> To: Eran Hammer-Lahav
> >> Cc: Marius Scurtescu; Justin Richer; oauth@ietf.org
> >> Subject: Re: [OAUTH-WG] Support for query/body parameters (Was Re:
> >> Versioning)
> >>
> >> I essentially agre
ailed protected resource response).
EHL
-Original Message-
From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Thursday, July 01, 2010 2:51 PM
To: Eran Hammer-Lahav
Cc: Marius Scurtescu; Justin Richer; oauth@ietf.org
Subject: Re: [OAUTH-WG] Support for query/body par
ahav
> Cc: Marius Scurtescu; Justin Richer; oauth@ietf.org
> Subject: Re: [OAUTH-WG] Support for query/body parameters (Was Re:
> Versioning)
>
> I essentially agreed, except in 3. the server should send back status code 401
> with a WWW-Authenticate header.
>
> regards,
> Tor
I essentially agreed, except in 3. the server should send back status
code 401 with a WWW-Authenticate header.
regards,
Torsten.
Am 01.07.2010 22:28, schrieb Eran Hammer-Lahav:
I think all servers must support the header. I don't think we can demand all
servers to support query or post parame
I think that works.
POST body support can even be moved to a separate spec, if anyone
really uses it.
Marius
On Thu, Jul 1, 2010 at 1:28 PM, Eran Hammer-Lahav wrote:
> I think all servers must support the header. I don't think we can demand all
> servers to support query or post parameters a
> To: Marius Scurtescu; Justin Richer
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Support for query/body parameters
> (Was Re: Versioning)
>
> I think all servers must support the header. I don't think we
> can demand all servers to support query or post parameters as
&
I think all servers must support the header. I don't think we can demand all
servers to support query or post parameters as that can conflict with their
existing namespace or architecture. I suggest we:
1. Make the "Token" scheme required in all resource servers
2. Allow resource servers to supp
