[OAUTH-WG] question about the b64token syntax in draft-ietf-oauth-v2-bearer
Brian Campbell <bcampbell@pingidentity.com> Mon, 05 March 2012 22:40 UTC
On casual reading of "The OAuth 2.0 Authorization Protocol: Bearer Tokens"* I've encountered several people (including myself) who have made the assumption that the name b64token implies that some kind of base64 encoding/decoding on the access token is taking place between the client and RS. Digging a bit deeper into "HTTP/1.1, part 7: Authentication"**, however, I see that b64token is just an ABNF syntax definition allowing for characters typically used in base64, base64url, etc. So the b64token doesn't define any encoding or decoding but rather just defines what characters can be used in the part of the Authorization header that will contain the access token. Do I read this correctly?

If so, I feel like some additional clarifying text in the Bearer Tokens draft might help avoid what is (based on my small sample) a common point of misunderstanding.

Also, does the use of b64token implicitly limit the allowed characters that an AS can use to construct a bearer access token?

Thanks,
Brian

* http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-17#section-2.1
** http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-18#section-2.1
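An added example, not part of the original message or of either draft: a resource-server-side check that treats b64token purely as a character-set rule, next to a strict base64 test, so the difference between the two is visible on sample input. The function names and the sample header values are constructed for illustration.

```python
import base64
import binascii
import re

# b64token ABNF from draft-ietf-httpbis-p7-auth-18, section 2.1:
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def extract_bearer_token(header_value):
    """Return the access token from an Authorization header value, or None.

    The token is returned exactly as received: the grammar restricts which
    characters may appear, and no decoding step is applied.
    """
    scheme, _, credentials = header_value.partition(" ")
    if scheme.lower() != "bearer":  # HTTP auth scheme names are case-insensitive
        return None
    credentials = credentials.strip(" ")
    if not B64TOKEN.fullmatch(credentials):
        return None  # empty, '=' before the end, or a character outside the set
    return credentials


def is_strict_base64(token):
    """True only if the token also happens to be well-formed standard base64."""
    try:
        base64.b64decode(token, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


# Constructed sample header values (not real tokens).
SAMPLES = [
    "Bearer abc.DEF-123_~x",  # valid b64token, not decodable as base64
    "Bearer dG9rZW4=",        # valid b64token that is also base64
    "Bearer abc def",         # space is outside the character set
    "Bearer a=b",             # '=' is only allowed as trailing padding
]

if __name__ == "__main__":
    for value in SAMPLES:
        token = extract_bearer_token(value)
        strict = is_strict_base64(token) if token else None
        print(f"{value!r}: token={token!r} strict_base64={strict}")
```

The same pattern can be run on the issuing side to confirm that a newly minted token can be carried in the Authorization header unchanged.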