[Openid-specs-ab] Uses of Authorization: Basic in the specs

Anthony Nadalin tonynad at microsoft.com
Wed Nov 16 02:39:04 UTC 2011

There is also the assertion specification that adds an alternative; I would think that OpenID Connect can just use the methods outlined in the assertions spec.

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of John Bradley
Sent: Tuesday, November 15, 2011 2:22 PM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Uses of Authorization: Basic in the specs

This is the token endpoint.

The options are including the password in the body, or basic.

We have an extension authentication method we defined.

BASIC is the thing most OAuth libraries support.

Are you referring to our extension authentication method as Bearer?

On 2011-11-15, at 7:43 AM, Mike Jones wrote:

Standard contains this example:

POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW


Is Basic a best practice we want to use as an example in the specs, or would Bearer be better?

This also appears in Session:

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded


                                                            -- Mike
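Added example, not part of the original thread or of the OpenID Connect specs: a server-side sketch of the two token-endpoint client authentication options named above (secret in the body, or Basic), accepting exactly one per request. The function names, the `CLIENTS` registry and the dict-shaped `headers` argument are assumptions; decoding of the Basic value follows RFC 6749 section 2.3.1, which was finalized after this thread.

```python
import base64
import binascii
import hmac
from urllib.parse import parse_qs, unquote_plus

# Constructed registry; this pair is what the Basic value quoted in the thread decodes to.
CLIENTS = {"s6BhdRkqt3": "gX1fBat3bV"}

def client_credentials(headers, body):
    """Return (client_id, secret, method) from a token request, or raise ValueError."""
    form = parse_qs(body, keep_blank_values=True)
    in_body = "client_secret" in form
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    in_header = scheme.lower() == "basic"
    if in_header and in_body:
        # Ambiguous input: reject rather than guess which credential wins.
        raise ValueError("multiple client authentication methods")
    if in_header:
        try:
            decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            raise ValueError("malformed Basic credentials") from None
        user, sep, secret = decoded.partition(":")
        if not sep:
            raise ValueError("malformed Basic credentials")
        # RFC 6749 2.3.1: both parts are form-urlencoded before base64.
        return unquote_plus(user), unquote_plus(secret), "basic"
    if in_body:
        if len(form.get("client_id", [])) != 1 or len(form["client_secret"]) != 1:
            raise ValueError("repeated or missing client parameters")
        return form["client_id"][0], form["client_secret"][0], "body"
    raise ValueError("no client authentication")

def authenticate(headers, body):
    """Return (client_id, method) on success, None on a wrong id or secret."""
    client_id, secret, method = client_credentials(headers, body)
    expected = CLIENTS.get(client_id)
    # compare_digest keeps the comparison time independent of where the bytes differ.
    ok = expected is not None and hmac.compare_digest(expected.encode(), secret.encode())
    return (client_id, method) if ok else None
```

Basic is only an encoding of `client_id:client_secret`, so both options expose the same secret on the wire and depend equally on TLS at the token endpoint.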
