I’ve published draft 04 of the OAuth Bearer Token Specification. All changes were in response to working group last call feedback on draft 03. The changes in this draft were:
- Added Bearer Token definition in Terminology section.
- Changed parameter name “oauth_token” to “bearer_token”.
- Added realm parameter to “WWW-Authenticate” response to comply with [RFC2617].
- Removed “[ RWS 1#auth-param ]” from “credentials” definition since it did not comply with the ABNF in [I-D.ietf-httpbis-p7-auth].
- Removed restriction that the “bearer_token” (formerly “oauth_token”) parameter be the last parameter in the entity-body and the HTTP request URI query.
- Do not require WWW-Authenticate Response in a reply to a malformed request, as an HTTP 400 Bad Request response without a WWW-Authenticate header is likely the right response in some cases of malformed requests.
- Removed OAuth Parameters registry extension.
- Numerous editorial improvements suggested by working group members.

The draft is available at these locations:
- http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-04.txt
- http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-04.xml
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer-04.html
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer-04.txt
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer-04.xml
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html (will point to new versions as they are posted)
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt (will point to new versions as they are posted)
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml (will point to new versions as they are posted)
- http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion repository, with html, txt, and xml versions available)