[Openid-specs-ab] Content-Type Charset header questions

Mike Jones Michael.Jones at microsoft.com
Mon Jan 21 07:44:37 UTC 2013


Basic contains two instances of HTTP Content-Type headers with a ;charset=UTF-8 clause.  These clauses aren't present in the corresponding examples in Messages or Standard.  I think they should be made consistent.  I'd like input from experts on the list.

The first example in Basic is:

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

whereas the corresponding example in Standard is:

POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb

In this case, I think the clause should be removed from Basic.  I think I remember that form-urlencoded doesn't support a charset attribute, from OAuth Bearer discussions.

The second example in Basic is:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"SlAV32hkKG",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso"
}

whereas the corresponding example in Standard is:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
"access_token": "SlAV32hkKG",
"token_type": "Bearer",
"refresh_token": "8xLOxBtZp8",
"expires_in": 3600,
"id_token": "eyJhbGciOiJSUzI1NiJ9.ew0K..."
}

I'll note that the example in Section 4 of RFC6750 does include the charset.  Thus, I think it should be added to Standard in this case.

FYI, this is part of me working on issue #655: All - Specify UTF-8 as encoding scheme whenever necessary.

                                                            -- Mike
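
The two header forms compared in this message, handled by one receiver: an added example, not part of the original post or of the OpenID Connect specifications. The names split_content_type and decode_body are hypothetical, and treating a missing charset as UTF-8 is an assumption of this sketch.

```python
# Added example: not from the OpenID Connect specs or the original message.
import json
from urllib.parse import parse_qs

def split_content_type(header):
    """Return (media_type, params); type and parameter names are lowercased."""
    media_type, _, rest = header.partition(";")
    params = {}
    for part in rest.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            params[name.strip().lower()] = value.strip().strip('"')
    return media_type.strip().lower(), params

def decode_body(header, body, expected_type):
    """Decode a token request or response body, accepting only UTF-8."""
    media_type, params = split_content_type(header)
    if media_type != expected_type:
        raise ValueError(f"unexpected media type {media_type!r}")
    # Assumption: a missing charset parameter is treated as UTF-8.
    charset = params.get("charset", "utf-8").lower()
    if charset != "utf-8":
        raise ValueError(f"unsupported charset {charset!r}")
    text = body.decode("utf-8")  # strict: invalid byte sequences raise
    if expected_type == "application/json":
        return json.loads(text)
    fields = parse_qs(text, strict_parsing=True, encoding="utf-8", errors="strict")
    if any(len(values) > 1 for values in fields.values()):
        raise ValueError("parameter included more than once")
    return {name: values[0] for name, values in fields.items()}

# Bodies from the examples in the message: form body joined onto one line,
# JSON shortened to three members.
FORM = (b"grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA"
        b"&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb")
TOKEN = b'{"access_token":"SlAV32hkKG","token_type":"Bearer","expires_in":3600}'

if __name__ == "__main__":
    for ctype in ("application/x-www-form-urlencoded;charset=UTF-8",
                  "application/x-www-form-urlencoded"):
        print(decode_body(ctype, FORM, "application/x-www-form-urlencoded"))
    for ctype in ("application/json;charset=UTF-8", "application/json"):
        print(decode_body(ctype, TOKEN, "application/json"))
```

Comparing only the media type keeps a receiver interoperable with either form of the examples, while the charset check and strict decode reject bodies that are not UTF-8.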
