You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Are there any plans in place to force the library to only check for an Authorization header by passing in a variable. Doing this would be useful in situations where an API would only look for Authorization header. By passing in this flag to the Resource->isValid() method (and therefore into the Resource->determineAccessToken() method - the developer in this case is choosing to adopt the standards of the OAuth2 spec, whereby Authorization header is still supported, but the query param support is removed.
Are there any plans in place to force the library to only check for an Authorization header by passing in a variable. Doing this would be useful in situations where an API would only look for Authorization header. By passing in this flag to the Resource->isValid() method (and therefore into the Resource->determineAccessToken() method - the developer in this case is choosing to adopt the standards of the OAuth2 spec, whereby Authorization header is still supported, but the query param support is removed.
The official specification lays out how here - http://tools.ietf.org/html/rfc6749#section-7 - how it expects Authorization to take place when "Accessing Protected Resources" e.g. using our API. See bottom of paragraph two - how it expects the actual Access Token to be passed here http://tools.ietf.org/html/rfc6750#section-2
The text was updated successfully, but these errors were encountered: