On Sun, Jul 6, 2025 at 1:13 PM Neil Madden <[email protected]> wrote:
> On 6 Jul 2025, at 13:22, Dick Hardt <[email protected]> wrote: > > > Do we as a WG want to be aligned with the HTTP spec, or align with what > is widely deployed? > > > I don’t think we can change the case-insensitivity of the auth scheme, but > we can certainly RECOMMEND that clients send “Bearer ” with exactly 1 space > and title-case. > Indeed, I don't think we are in a good position to change normative definitions from HTTP (e.g., datatracker.ietf.org/doc/html/rfc9110#section-11.1 and https://datatracker.ietf.org/doc/html/rfc9110#section-11.4) but it might not be unreasonable to recommend/suggest certain client behavior aimed at improved interoperability given the realities of some commonly deployed server code. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
