Closed jayzes closed 11 years ago
This gem implements draft 10, and I'm not planning on implementing updates until the spec is finalized, unless there is a compelling security argument. There are just too many drafts to make implementing all the intervening updates worthwhile.
If/when the spec is finalized, we will consider updating this project to the final spec, at which point I will merge this in. I just don't want a codebase that's a mix of various draft details in the meantime.
I'd like to clarify this thing a little bit more. Does the current standard require either Bearer or OAuth to be used as the prefix? Current code requires either of these.
The draft we support only allows OAuth as the Authorization header prefix, per http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1.1.
Closing since we won't change this unless the spec is finalized.
From what I can tell, the current standard is to use the "Bearer" keyword in the Authorization header, instead of "OAuth" as this gem currently has it implemented. I changed it to support the newer keyword, but kept compatibility with the OAuth prefix for those relying on that behavior. Specs included as well.
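
An added example, not part of the original thread or the gem's code: one way to accept both the `OAuth` and `Bearer` prefixes discussed above while rejecting anything that is not a single bare token. The module name `BearerHeader`, the use of RFC 6750's b64token character set for both prefixes, and the sample headers are assumptions made for illustration.

```ruby
# Hypothetical helper (not the gem's API): extract an access token from an
# Authorization header that uses either the "OAuth" or the "Bearer" prefix.
module BearerHeader
  # HTTP auth scheme names are case-insensitive, so compare in lowercase.
  SCHEMES = %w[oauth bearer].freeze

  # Assumption: RFC 6750 b64token charset, applied to both prefixes.
  # Rejecting quotes, commas and spaces also keeps OAuth 1.0 style headers
  # (OAuth oauth_consumer_key="...", ...) from being read as a token.
  TOKEN = %r{\A[A-Za-z0-9\-._~+/]+=*\z}

  # Returns [scheme, token], or nil when no usable token is present.
  def self.parse(header)
    return nil unless header.is_a?(String)

    scheme, rest = header.strip.split(/ +/, 2)
    return nil if scheme.nil? || rest.nil?

    scheme = scheme.downcase
    return nil unless SCHEMES.include?(scheme)
    return nil unless TOKEN.match?(rest)

    [scheme, rest]
  end
end

# Constructed sample headers (not taken from real traffic).
SAMPLE_HEADERS = [
  "OAuth abc123",                                    # draft-10 style prefix
  "Bearer abc123",                                   # newer keyword
  "bearer abc123",                                   # scheme case must not matter
  'OAuth oauth_consumer_key="k", oauth_nonce="n"',   # OAuth 1.0 parameters
  "Basic dXNlcjpwYXNz",                              # different scheme
  "Bearer abc 123",                                  # more than one token
  "Bearer"                                           # prefix with no token
].freeze

SAMPLE_HEADERS.each do |h|
  puts format("%-50s => %p", h, BearerHeader.parse(h))
end
```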