- changed status to resolved
Standard - 6.1 UserInfo text clarification on the use of access_token
Issue #135
resolved
Standard currently says in the access_token description in 6.1: “If the client is using the HTTP GET method, it SHOULD send the access token in the authorization header.” I would add to this: “The access_token MAY alternatively be sent in the message body, as described in the OAuth.2.0.Bearer specification.”
Comments (1)
-
- Log in to comment
Consolidated changes through 29-Sep-11 for SVN checking and specs release. Fix
#135, clarifying that the access_token MAY be sent in the message body.→ c6a7ba29d135