On June 8, draft 27 of the OAuth 2.0 Authorization Specification and draft 20 of the OAuth 2.0 Bearer Token Specification were published. They addressed DISCUSS issues and COMMENTs raised for these specifications during IESG review.
Changes made to draft-ietf-oauth-v2 were:
- Added character set restrictions for `error`, `error_description`, and `error_uri` parameters consistent with the OAuth Bearer spec.
- Added “resource access error response” as an error usage location in the OAuth Extensions Error Registry.
- Added an ABNF for all message elements.
- Corrected editorial issues identified during review.
Changes made to draft-ietf-oauth-v2-bearer were:
- Added caveat about using a reserved query parameter name being counter to URI namespace best practices.
- Specified use of Cache-Control options when using the URI Query Parameter method.
- Changed title to “The OAuth 2.0 Authorization Framework: Bearer Token Usage”.
- Referenced syntax definitions for the `scope`, `error`, `error_description`, and `error_uri` parameters in the OAuth 2.0 core spec.
- Registered the `invalid_request`, `invalid_token`, and `insufficient_scope` error values in the OAuth Extensions Error Registry.
- Acknowledged additional individuals.
The drafts are available at:
- http://tools.ietf.org/html/draft-ietf-oauth-v2-27
- http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-20
HTML-formatted versions are available at: