I’ve published draft 03 of the OAuth Bearer Token Specification. It contains one breaking change relative to draft 02 that was voted on by the working group: changing the “OAuth2” OAuth access token type name to “Bearer”. The full set of changes in this draft is:

  • Restored the WWW-Authenticate response header functionality deleted from the framework specification in draft 12, based upon the specification text from draft 11.
  • Augmented the OAuth Parameters registry by adding two additional parameter usage locations: “resource request” and “resource response”.
  • Registered the “oauth_token” OAuth parameter with usage location “resource request”.
  • Registered the “error” OAuth parameter.
  • Created the OAuth Error registry and registered errors.
  • Changed the “OAuth2” OAuth access token type name to “Bearer”.

The draft is available at these locations:

Your feedback is solicited.