Quick question regarding the OAuth2 Spec, in particular section 5.1.5.
Reading that spec, it appears that the response needs to be formatted as JSON regardless of the format requested. Is that the standard or are other formats (i.e. XML) also supported? Thanks.
An access token is a token issued by the authorization server. The authorization server issues the access token if the access token request is valid and authorized. If the access token request is invalid or unauthorized, the authorization server returns an error response.
If the access token request is invalid, for example because the redirect URL does not match the one used during authorization, the server needs to return an error response. Error responses are returned with an HTTP 400 status code (unless specified otherwise) and carry error and error_description parameters.
The OAuth 2.0 specification allows for registration of space-separated response_type parameter values. If a response type contains one or more space characters (%20), it is compared as a space-delimited list of values in which the order of values does not matter.
OAuth 2.0 uses Access Tokens. An Access Token is a piece of data that represents the authorization to access resources on behalf of the end-user. OAuth 2.0 doesn't define a specific format for Access Tokens. However, in some contexts, the JSON Web Token (JWT) format is often used.
From revision 07 of the spec (from the changelog): "Removed multiple formats support, leaving JSON as the only format." (OAuth2 Spec Document History)
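A client-side check that follows from the JSON-only rule and the error format described above, as an added example that is not part of the original page or the specification. The function and class names and the sample responses are constructed for illustration; the required access_token and token_type fields come from the final OAuth 2.0 specification (RFC 6749, section 5.1).

```python
import json


class TokenEndpointError(Exception):
    """Well-formed OAuth 2.0 error response (error / error_description)."""

    def __init__(self, error, description=None):
        super().__init__(f"{error}: {description}" if description else error)
        self.error = error
        self.description = description


def parse_token_response(status, content_type, body):
    """Return the token parameters as a dict; raise on errors or malformed input."""
    # Compare the media type only; parameters such as charset are ignored.
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type != "application/json":
        # JSON is the only format, so XML or form-encoded bodies are rejected
        # instead of being handed to a second, more permissive parser.
        raise ValueError(f"unexpected media type {media_type!r}")
    try:
        params = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(params, dict):
        raise ValueError("token response must be a JSON object")

    if status == 200:
        for required in ("access_token", "token_type"):
            value = params.get(required)
            if not isinstance(value, str) or not value:
                raise ValueError(f"missing or empty {required}")
        return params

    # Any other status (400 unless specified otherwise) must carry "error".
    error = params.get("error")
    if not isinstance(error, str) or not error:
        raise ValueError(f"HTTP {status} response without an error parameter")
    raise TokenEndpointError(error, params.get("error_description"))


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    ok = '{"access_token": "example-token", "token_type": "Bearer", "expires_in": 3600}'
    print(parse_token_response(200, "application/json;charset=UTF-8", ok))
    bad = '{"error": "invalid_grant", "error_description": "redirect URL mismatch"}'
    try:
        parse_token_response(400, "application/json", bad)
    except TokenEndpointError as exc:
        print("rejected:", exc.error, "-", exc.description)
```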