I’ve published draft 03 of the OAuth Bearer Token Specification. It contains one breaking change relative to draft 02 that was voted on by the working group: changing the “OAuth2” OAuth access token type name to “Bearer”. The full set of changes in this draft is:
- Restored the WWW-Authenticate response header functionality deleted from the framework specification in draft 12 based upon the specification text from draft 11.
- Augmented the OAuth Parameters registry by adding two additional parameter usage locations: “resource request” and “resource response”.
- Registered the “oauth_token” OAuth parameter with usage location “resource request”.
- Registered the “error” OAuth parameter.
- Created the OAuth Error registry and registered errors.
- Changed the “OAuth2” OAuth access token type name to “Bearer”.
The draft is available at these locations:
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html (will point to new versions as they are posted)
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt (will point to new versions as they are posted)
- https://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml (will point to new versions as they are posted)
- http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion repository, with html, txt, and html versions available)
Your feedback is solicited.