OAuth Core draft -28 has been published. Changes were:
- Updated the ABNF in the manner discussed by the working group, allowing
passwordto be Unicode and restricting
- Specifies the use of the application/x-www-form-urlencoded content-type encoding method to encode the
client_idwhen used as the password for HTTP Basic.
OAuth Bearer draft -21 has also been published. Changes were:
- Changed “NOT RECOMMENDED” to “not recommended” in caveat about the URI Query Parameter method.
- Changed “other specifications may extend this specification for use with other transport protocols” to “other specifications may extend this specification for use with other protocols”.
- Changed Acknowledgements to use only ASCII characters, per the RFC style guide.
The drafts are available at:
HTML-formatted versions are available at:
Thanks to Eran Hammer for approving the Core draft posting.