Early drafts of OAuth2 did what?!
2.3.2. Response Format

   Authorization servers respond to client requests by including a set
   of response parameters in the entity body of the HTTP response. The
   response uses one of three formats based on the format requested by
   the client (using the "format" request parameter or the HTTP "Accept"
   header field):

   o  The "application/json" media type as defined by [RFC4627]. The
      parameters are serialized into a JSON structure by adding each
      parameter at the highest structure level. Parameter names and
      string values are included as JSON strings. Numerical values are
      included as JSON numbers. For example:

        {
          "access_token":"SlAV32hkKG",
          "expires_in":3600,
          "refresh_token":"8xLOxBtZp8"
        }

   o  The "application/xml" media type as defined by [RFC3023]. The
      parameters are serialized into an XML structure by adding each
      parameter as a child element of the root "<OAuth>" element.
      [[ Add namespace ]] For example:

        <?xml version='1.0' encoding="utf-8"?>
        <OAuth>
          <access_token>SlAV32hkKG</access_token>
          <expires_in>3600</expires_in>
          <refresh_token>8xLOxBtZp8</refresh_token>
        </OAuth>

   o  The "application/x-www-form-urlencoded" media type as defined by
      [W3C.REC-html401-19991224]. For example (line breaks are for
      display purposes only):

        access_token=SlAV32hkKG&expires_in=3600&
        refresh_token=8xLOxBtZp8

   The authorization server MUST include the HTTP "Cache-Control"
   response header field with a value of "no-store" in any response
   containing tokens, secrets, or other sensitive information.
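
An added example, not part of the draft or of the original post: a client-side parser for the three response formats the section describes, which also enforces the "Cache-Control: no-store" requirement. The function name `parse_token_response`, the refusal of DTDs in the XML form and the rejection of duplicate or nested parameters are assumptions of this example, not rules stated in the draft.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Constructed sample input: the three example bodies from the draft text.
SAMPLES = {
    "application/json": '{ "access_token":"SlAV32hkKG", "expires_in":3600, "refresh_token":"8xLOxBtZp8" }',
    "application/xml": "<?xml version='1.0' encoding=\"utf-8\"?><OAuth><access_token>SlAV32hkKG</access_token><expires_in>3600</expires_in><refresh_token>8xLOxBtZp8</refresh_token></OAuth>",
    "application/x-www-form-urlencoded": "access_token=SlAV32hkKG&expires_in=3600&refresh_token=8xLOxBtZp8",
}

def parse_token_response(headers, body):
    """Parse a draft-style token response into a dict; raises on bad input."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    # The draft requires "no-store" on any response that carries tokens.
    directives = [d.strip().lower() for d in hdrs.get("cache-control", "").split(",")]
    if "no-store" not in directives:
        raise ValueError("token response lacks Cache-Control: no-store")
    media_type = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if media_type == "application/json":
        params = json.loads(body)
        if not isinstance(params, dict):
            raise ValueError("JSON response is not an object")
    elif media_type == "application/xml":
        # Token responses need no DTD, so refuse one before parsing (assumption).
        if "<!doctype" in body.lower():
            raise ValueError("DTD not allowed in token response")
        root = ET.fromstring(body.encode("utf-8"))  # ET.ParseError if malformed
        if root.tag != "OAuth":
            raise ValueError("unexpected root element")
        params = {}
        for child in root:
            if child.tag in params or len(child):
                raise ValueError("duplicate or nested parameter")
            params[child.tag] = child.text or ""
    elif media_type == "application/x-www-form-urlencoded":
        pairs = parse_qs(body, strict_parsing=True, keep_blank_values=True)
        if any(len(v) != 1 for v in pairs.values()):
            raise ValueError("duplicate parameter")
        params = {k: v[0] for k, v in pairs.items()}
    else:
        raise ValueError(f"unsupported media type: {media_type!r}")
    if any(not isinstance(v, (str, int)) for v in params.values()):
        raise ValueError("parameter value is not a string or number")
    if "expires_in" in params:
        params["expires_in"] = int(params["expires_in"])  # same type in all formats
    return params
```

All three sample bodies parse to the same dictionary, which is the point of normalising `expires_in`: only the JSON form carries it as a number on the wire.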