[Openid-specs-ab] Uses of Authorization: Basic in the specs
Nat Sakimura
sakimura at gmail.com
Tue Nov 15 12:18:12 UTC 2011
That's a copy and paste from OAuth 2.0. We should avoid Basic.

=nat via iPhone

On 2011/11/15, at 18:43, Mike Jones <Michael.Jones at microsoft.com> wrote:

Standard contains this example:

    POST /token HTTP/1.1
    Host: server.example.com
    Content-Type: application/x-www-form-urlencoded
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

    grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
    &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

Is Basic a best practice we want to use as an example in the specs, or
would Bearer be better?

This also appears in Session:

    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded

    grant_type=authorization_code&client_id=s6BhdRkqt3&
    code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

-- Mike
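
Added example, not part of either message or of the specs: a Python check that parses the Session request quoted above, decodes its Authorization: Basic parameter (base64 is an encoding, so the client secret is recoverable by anyone who sees the header) and compares the Basic user name with the client_id sent in the body. The function name inspect_client_auth and the result keys are hypothetical.

```python
import base64
from urllib.parse import parse_qs

# The Session request from the quoted message, with the header/body
# separator written out explicitly.
RAW_REQUEST = (
    "POST /token HTTP/1.1\r\n"
    "Host: server.example.com\r\n"
    "Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "grant_type=authorization_code&client_id=s6BhdRkqt3&"
    "code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb"
)

def inspect_client_auth(raw):
    """Hypothetical helper: report how a token request authenticates the client."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    form = {k: v[0] for k, v in parse_qs(body).items()}

    scheme, _, param = headers.get("authorization", "").partition(" ")
    result = {"scheme": scheme or None, "client_id": None, "client_secret": None,
              "body_client_id": form.get("client_id"), "id_mismatch": False}
    if scheme.lower() != "basic":
        return result
    try:
        decoded = base64.b64decode(param.strip(), validate=True).decode("utf-8")
    except ValueError:                           # bad base64 or bad UTF-8
        return result
    user, sep, secret = decoded.partition(":")   # Basic is "user:password"
    if not sep:
        return result
    result["client_id"], result["client_secret"] = user, secret
    # The same client named two different ways is worth rejecting or logging.
    body_id = result["body_client_id"]
    result["id_mismatch"] = body_id is not None and body_id != user
    return result

if __name__ == "__main__":
    print(inspect_client_auth(RAW_REQUEST))
```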