[Openid-specs-ab] Uses of Authorization: Basic in the specs

Anthony Nadalin tonynad at microsoft.com
Wed Nov 16 02:39:04 UTC 2011


There is also the assertion specification that adds an alternative, I would think that OpenID Connect can just use the methods outlined in the assertions spec

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of John Bradley
Sent: Tuesday, November 15, 2011 2:22 PM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Uses of Authorization: Basic in the specs

This is the token endpoint.

The options are including the password in the body, or basic.

We have a extension authentication method we defined.

BASIC is the thing most OAuth libraries support.

Are you referring to our extension authentication method as Bearer?

John
On 2011-11-15, at 7:43 AM, Mike Jones wrote:


Standard contains this example:

POST /token HTTP/1.1
Host: server.example.com<http://server.example.com>
Content-Type: application/x-www-form-urlencoded
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

Is Basic a best practice we want to use as an example in the specs, or would Bearer be better?

This also appears in Session:

POST /token HTTP/1.1
Host: server.example.com<http://server.example.com>
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=s6BhdRkqt3&
code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

                                                            -- Mike

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111116/883c0a4d/attachment-0001.html>


More information about the Openid-specs-ab mailing list