<html><head></head><body bgcolor="#FFFFFF"><div>That's a copy and paste from OAuth 2.0. We should avoid Basic. <br><br>=nat via iPhone</div><div><br>On 2011/11/15, at 18:43, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>> wrote:<br>
<br></div><div></div><blockquote type="cite"><div>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>


<div class="WordSection1">
<p class="MsoNormal">Standard contains this example:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">POST /token HTTP/1.1</span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">Host: <a href="http://server.example.com">server.example.com</a></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">Content-Type: application/x-www-form-urlencoded</span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">Authorization:
<span style="background:yellow;mso-highlight:yellow">Basic</span> czZCaGRSa3F0MzpnWDFmQmF0M2JW</span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA</span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Is Basic a best practice we want to use as an example in the specs, or would
<span style="background:yellow;mso-highlight:yellow">Bearer</span> be better?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">This also appears in Session:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">POST /token HTTP/1.1</span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">Host: <a href="http://server.example.com">server.example.com</a></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW</span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">Content-Type: application/x-www-form-urlencoded</span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New""> </span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">grant_type=authorization_code&client_id=s6BhdRkqt3&</span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Courier New"">code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">                                                            -- Mike</p>
<p class="MsoNormal"> </p>
</div>


</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Openid-specs-ab mailing list</span><br><span><a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a></span><br>
<span><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span><br></div></blockquote></body></html>