typo in basic section 2.1.6.1

Issue #918 resolved
Nov Matake
created an issue

The word "form-urlencoded" in the below sentence should be removed.

"The Client authenticates itself by communicating its form-urlencoded Client Credentials in an Authorization header using the HTTP Basic method"

https://bitbucket.org/openid/connect/src/581aa8f80f972120545f2c583f38a7d09f354712/openid-connect-basic-1_0.xml?at=default#cl-869

Comments (3)

  1. Brian Campbell

    Strange as it may seem, I believe it's correct as is.

    §2.3.1 of RFC 6749 (OAuth) has:

    "Clients in possession of a client password MAY use the HTTP Basic authentication scheme as defined in [RFC2617] to authenticate with the authorization server. The client identifier is encoded using the "application/x-www-form-urlencoded" encoding algorithm per Appendix B, and the encoded value is used as the username; the client password is encoded using the same algorithm and used as the password."

    see http://tools.ietf.org/html/rfc6749#section-2.3.1

  2. Log in to comment