[Openid-specs-ab] Uses of Authorization: Basic in the specs

John Bradley ve7jtb at ve7jtb.com
Tue Nov 15 22:22:02 UTC 2011


This is the token endpoint.

The options are including the password in the body, or basic.

We have a extension authentication method we defined.

BASIC is the thing most OAuth libraries support.

Are you referring to our extension authentication method as Bearer?

John
On 2011-11-15, at 7:43 AM, Mike Jones wrote:

> Standard contains this example:
>  
> POST /token HTTP/1.1
> Host: server.example.com
> Content-Type: application/x-www-form-urlencoded
> Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
>  
> grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
> &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
>  
> Is Basic a best practice we want to use as an example in the specs, or would Bearer be better?
>  
> This also appears in Session:
>  
> POST /token HTTP/1.1
> Host: server.example.com
> Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
> Content-Type: application/x-www-form-urlencoded
>  
> grant_type=authorization_code&client_id=s6BhdRkqt3&
> code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
>  
>                                                             -- Mike
>  
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111115/54e3922a/attachment.html>


More information about the Openid-specs-ab mailing list