Fix authorization token Bearer prefix spelling in examples #372
Conversation
|
"BEARER" is perfectly legal https://www.rfc-editor.org/rfc/rfc9110.html#name-authentication-scheme |
|
According to RFC9110 the authentication scheme is indeed case-insensitive contrary to how it is defined in RFC6750, so this issue can be closed. Would it still be good to unify the scheme spelling in the examples? Edit: additionally I did not know that ABNF literal text strings are case-insensitive: https://www.rfc-editor.org/rfc/rfc5234#page-5. Hence the "Bearer" in RFC6750 can be spelled "BEARER" or "BeArEr", etc. |
|
@srosenda thanks a lot for doing the PR! Do you have contribution agreement/IPR signed with OIDF DCP WG? |
|
@srosenda you can always sign an individual contribution agreement. that would unblock us in a minute. |
srosenda
force-pushed
the
fix/authorization-bearer-spelling
branch
from
17a29ab
to
e0cde14
Compare
|
Rebased with main and amended the commit to unify the spelling also in the Token Response's |
Although the authorization scheme is case-insensitive, all the examples in the referred specifications RFC 6749 (and RFC 6750 referred by it) use the spelling "Bearer", which is also the spelling in the IANA HTTP Authentication Scheme Registry. Unified spelling reduces confusion and possible mistakes in implementations that have missed the case- insensitivity of the authentication scheme.
srosenda
force-pushed
the
fix/authorization-bearer-spelling
branch
from
e0cde14
to
03d4204
Compare
|
Fixed terminology to refer to authorization scheme in the commit message and signed the commit. |
the prefix should be spelled exactly as "Bearer", see RFC 6750, section 2.1. Authorization Request Header Field https://datatracker.ietf.org/doc/html/rfc6750#section-2.1.
Fixes #371.