[Openid-specs-ab] Uses of Authorization: Basic in the specs

Nat Sakimura sakimura at gmail.com
Tue Nov 15 12:18:12 UTC 2011


That's a copy and paste from OAuth 2.0. We should avoid Basic.

=nat via iPhone

On 2011/11/15, at 18:43, Mike Jones <Michael.Jones at microsoft.com> wrote:

Standard contains this example:

POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

Is Basic a best practice we want to use as an example in the specs, or
would Bearer be better?

This also appears in Session:

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=s6BhdRkqt3&
code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

                                                            -- Mike
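
Added example, not part of the original messages: decoding the Authorization: Basic value in the two quoted requests shows that it is the base64 of client_id:client_secret, readable by anyone who sees the header. The function name client_auth and the header/body consistency check are assumptions of this example; the requests are copied from the message with the wrapped body lines joined.

```python
import base64
from urllib.parse import parse_qs, unquote_plus

# The two requests quoted in the message (wrapped body lines joined).
STANDARD_REQ = (
    "POST /token HTTP/1.1\r\n"
    "Host: server.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW\r\n"
    "\r\n"
    "grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA"
    "&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb"
)
SESSION_REQ = (
    "POST /token HTTP/1.1\r\n"
    "Host: server.example.com\r\n"
    "Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "grant_type=authorization_code&client_id=s6BhdRkqt3&"
    "code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb"
)

def client_auth(raw):
    """Return (scheme, client_id, client_secret, form) for a token request."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    form = {k: v[0] for k, v in parse_qs(body).items()}
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        # No Basic header: credentials, if any, are in the form body.
        return scheme or None, form.get("client_id"), form.get("client_secret"), form
    # Basic is base64("user:password"); it is an encoding, not encryption.
    decoded = base64.b64decode(cred, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("Basic credential has no ':' separator")
    # OAuth 2.0 form-encodes the id and secret before base64-encoding them.
    cid, secret = unquote_plus(user), unquote_plus(password)
    # A body client_id that disagrees with the header is rejected.
    if "client_id" in form and form["client_id"] != cid:
        raise ValueError("client_id in body does not match Basic header")
    return "Basic", cid, secret, form

if __name__ == "__main__":
    for req in (STANDARD_REQ, SESSION_REQ):
        print(client_auth(req)[:3])
```
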


