Add section on OAuth 2.0 and bearer tokens. #231
I wonder if it's worth leaving the door open to later versions of OAuth which may exist before these docs are updated?
Existing language does not make sense for requirements, suggested changes.
- It makes no sense to explicitly disallow OAuth 1.0 if someone's crazy enough to use it.
- The name of the protocol is not "Open Authorization".
- There should be no restrictions placed by this API on grant types. (Nor should examples be used)
- Getting tokens and using tokens are two different requirement spaces, and this language mashes them together in ways that make dangerous assumptions.
index.html
Outdated
@@ -315,7 +315,7 @@ <h4>Open Authorization (OAuth)</h4> | |||
<p> | |||
If Open Authorization is utilized for authorization, version 2.0 of the |
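Review bot: The paragraph line under the `<h4>` calls the protocol "Open Authorization" and never uses the "OAuth" abbreviation that the heading introduces, so heading and body name it differently. Suggest "If OAuth is used for authorization, version 2.0 of the", which also replaces "utilized" with the plainer "used". The sentence continues past the visible lines, so the wording after "version 2.0 of the" should be checked to confirm it still reads correctly with that change.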
If Open Authorization is utilized for authorization, version 2.0 of the | |
If Open Authorization (OAuth) is used for authorization, version 2.0 of the |
OK. I don't have a RESOLVE button, or I'd click it...
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Justin Richer <github@justin.richer.org>
8bcf0ab to 901d266
I have concerns that the current language around OAuth 2.0 will result in zero tests being written in the test suite regarding OAuth 2.0 authorization. I have raised #234 to track that concern. Change requests processed, merging.
This PR specifies that OAuth 2.0 and OAuth 2.0 bearer tokens can be used as an authorization protocol and access token format.