<div dir="ltr"><div>I'll give my input though I wouldn't use the word "expert" anywhere near it.<br><br>My understanding is that charset shouldn't be included with application/json. See <a href="http://stackoverflow.com/questions/13096259/can-charset-parameter-be-used-with-application-json-content-type-in-http-1-1" target="_blank">http://stackoverflow.com/questions/13096259/can-charset-parameter-be-used-with-application-json-content-type-in-http-1-1</a> and particularly the response from Julian Reschke. Although examples in RFCs 6749 and 6750 do include it (and so does my own software for that matter) so I'm a little unsure what should be done in Connect. <br>
<br></div>I think you are correct that the charset should be removed from the Content-Type: application/x-www-form-urlencoded<span style="color:red"></span> POST example in Basic. That was done in -29 of what would become RFC 6749 <a href="http://tools.ietf.org/html/draft-ietf-oauth-v2-31#appendix-D">http://tools.ietf.org/html/draft-ietf-oauth-v2-31#appendix-D</a> and Julian also gave some reasoning about the content type and encoding in general at <a href="http://tools.ietf.org/html/rfc6749#appendix-B">http://tools.ietf.org/html/rfc6749#appendix-B</a><br>
<div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jan 21, 2013 at 12:44 AM, Mike Jones <span dir="ltr"><<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="">Basic contains two instances of HTTP Content-Type headers with a ;charset=UTF=8 clause. These clauses aren’t present in the corresponding examples in Messages or Standard. I think they should be made consistent. I’d like input from experts
on the list.<u></u><u></u></p>
<p class=""><u></u> <u></u></p>
<p class="">The first example in Basic is:<u></u><u></u></p>
<p class="" style="margin-left:0.5in">POST /token HTTP/1.1<u></u><u></u></p>
<p class="" style="margin-left:0.5in">Host: <a href="http://server.example.com" target="_blank">server.example.com</a><u></u><u></u></p>
<p class="" style="margin-left:0.5in">Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW<u></u><u></u></p>
<p class="" style="margin-left:0.5in">Content-Type: application/x-www-form-urlencoded<span style="color:red">;charset=UTF-8</span><u></u><u></u></p>
<p class="" style="margin-left:0.5in"><u></u> <u></u></p>
<p class="" style="margin-left:0.5in">grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA<u></u><u></u></p>
<p class="" style="margin-left:0.5in">&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb<u></u><u></u></p>
<p class="">whereas the corresponding example in Standard is:<u></u><u></u></p>
<p class="" style="margin-left:0.5in">POST /token HTTP/1.1<u></u><u></u></p>
<p class="" style="margin-left:0.5in">Host: <a href="http://server.example.com" target="_blank">server.example.com</a><u></u><u></u></p>
<p class="" style="margin-left:0.5in">Content-Type: application/x-www-form-urlencoded<u></u><u></u></p>
<p class="" style="margin-left:0.5in">Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW<u></u><u></u></p>
<p class="" style="margin-left:0.5in"><u></u> <u></u></p>
<p class="" style="margin-left:0.5in">grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA<u></u><u></u></p>
<p class="" style="margin-left:0.5in">&redirect_uri=https%3A%2F%<a href="http://2Fclient.example.org" target="_blank">2Fclient.example.org</a>%2Fcb<u></u><u></u></p>
<p class=""><u></u> <u></u></p>
<p class="">In this case, I think the clause should be removed from Basic. I think I remember that form-urlencoded doesn’t support a charset attribute, from OAuth Bearer discussions.<u></u><u></u></p>
<p class=""><u></u> <u></u></p>
<p class="">The second example in Basic is:<u></u><u></u></p>
<p class="" style="margin-left:0.5in">HTTP/1.1 200 OK<u></u><u></u></p>
<p class="" style="margin-left:0.5in">Content-Type: application/json<span style="color:red">;charset=UTF-8</span><u></u><u></u></p>
<p class="" style="margin-left:0.5in">Cache-Control: no-store<u></u><u></u></p>
<p class="" style="margin-left:0.5in">Pragma: no-cache<u></u><u></u></p>
<p class="" style="margin-left:0.5in">{<u></u><u></u></p>
<p class="" style="margin-left:0.5in"> "access_token":"SlAV32hkKG",<u></u><u></u></p>
<p class="" style="margin-left:0.5in"> "token_type":"bearer",<u></u><u></u></p>
<p class="" style="margin-left:0.5in"> "expires_in":3600,<u></u><u></u></p>
<p class="" style="margin-left:0.5in"> "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",<u></u><u></u></p>
<p class="" style="margin-left:0.5in"> "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso"<u></u><u></u></p>
<p class="" style="margin-left:0.5in">}<u></u><u></u></p>
<p class="">whereas the corresponding example in Standard is:<u></u><u></u></p>
<p class="" style="margin-left:0.5in">HTTP/1.1 200 OK<u></u><u></u></p>
<p class="" style="margin-left:0.5in">Content-Type: application/json<u></u><u></u></p>
<p class="" style="margin-left:0.5in">Cache-Control: no-store<u></u><u></u></p>
<p class="" style="margin-left:0.5in">Pragma: no-cache<u></u><u></u></p>
<p class="" style="margin-left:0.5in"><u></u> <u></u></p>
<p class="" style="margin-left:0.5in">{<u></u><u></u></p>
<p class="" style="margin-left:0.5in">"access_token": "SlAV32hkKG",<u></u><u></u></p>
<p class="" style="margin-left:0.5in">"token_type": "Bearer",<u></u><u></u></p>
<p class="" style="margin-left:0.5in">"refresh_token": "8xLOxBtZp8",<u></u><u></u></p>
<p class="" style="margin-left:0.5in">"expires_in": 3600,<u></u><u></u></p>
<p class="" style="margin-left:0.5in">"id_token": "eyJhbGciOiJSUzI1NiJ9.ew0K…"<u></u><u></u></p>
<p class="" style="margin-left:0.5in">}<u></u><u></u></p>
<p class=""><u></u> <u></u></p>
<p class="">I’ll note that the example in Section 4 of RFC6750 does include the charset. Thus, I think it should be added to Standard in this case.<u></u><u></u></p>
<p class=""><u></u> <u></u></p>
<p class="">FYI, this is part of me working on issue #655: All - Specify UTF-8 as encoding scheme whenever necessary.<span><font color="#888888"><u></u><u></u></font></span></p><span><font color="#888888">
<p class=""><u></u> <u></u></p>
<p class=""> -- Mike<u></u><u></u></p>
<p class=""><u></u> <u></u></p>
</font></span></div>
</div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div><br></div></div></div></div>