<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Basic contains two instances of HTTP Content-Type headers with a ;charset=UTF=8 clause. These clauses aren’t present in the corresponding examples in Messages or Standard. I think they should be made consistent. I’d like input from experts
on the list.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The first example in Basic is:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">POST /token HTTP/1.1<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Host: server.example.com<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Content-Type: application/x-www-form-urlencoded<span style="color:red">;charset=UTF-8</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb<o:p></o:p></p>
<p class="MsoNormal">whereas the corresponding example in Standard is:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">POST /token HTTP/1.1<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Host: server.example.com<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Content-Type: application/x-www-form-urlencoded<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In this case, I think the clause should be removed from Basic. I think I remember that form-urlencoded doesn’t support a charset attribute, from OAuth Bearer discussions.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The second example in Basic is:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">HTTP/1.1 200 OK<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Content-Type: application/json<span style="color:red">;charset=UTF-8</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Cache-Control: no-store<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Pragma: no-cache<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">{<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> "access_token":"SlAV32hkKG",<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> "token_type":"bearer",<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> "expires_in":3600,<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso"<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">}<o:p></o:p></p>
<p class="MsoNormal">whereas the corresponding example in Standard is:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">HTTP/1.1 200 OK<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Content-Type: application/json<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Cache-Control: no-store<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Pragma: no-cache<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">{<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">"access_token": "SlAV32hkKG",<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">"token_type": "Bearer",<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">"refresh_token": "8xLOxBtZp8",<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">"expires_in": 3600,<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">"id_token": "eyJhbGciOiJSUzI1NiJ9.ew0K…"<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">}<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’ll note that the example in Section 4 of RFC6750 does include the charset. Thus, I think it should be added to Standard in this case.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">FYI, this is part of me working on issue #655: All - Specify UTF-8 as encoding scheme whenever necessary.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>