- From: Dima Voytenko <notifications@github.com>
- Date: Thu, 21 Jun 2018 15:25:03 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 21 June 2018 22:25:26 UTC
"Bearer" is in IANA and that's pretty much what these use cases imply. Bearer tokens are normally cryptographic. But my point was that a 3p site could just as easily try to enumerate with `access_token` query parameter. Not sure if OAuth2 didn't pursue or simply gave up for some reason. There's definitely been well documented intent to do so. E.g. see https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-16#section-2.1 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/770#issuecomment-399262409
Received on Thursday, 21 June 2018 22:25:26 UTC