- Changed parameter name bearer_token to access_token, per working group consensus.
- Changed HTTP status code for invalid_request error code from HTTP 401 (Unauthorized) back to HTTP 400 (Bad Request), per input from HTTP working group experts.
It doesn’t change the use of 403 (Forbidden) to (401) Unauthorized as had been discussed as a possibility, also due to input from the same HTTP working group experts.
The draft is available at these locations:
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html (will point to new versions as they are posted)
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf (will point to new versions as they are posted)
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt (will point to new versions as they are posted)
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml (will point to new versions as they are posted)
- http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion repository, with html, pdf, txt, and html versions available)