Need help trying to understand the OAuth2 Spec

Question

The bearer token spec is the one I have a question about. I'm trying to figure out what characters are allowed in the token when placed in the Authorization: OAuth ...... header. Here's what the spec says

credentials = "OAuth2" RWS access-token [ RWS 1#auth-param ]
access-token = 1*( quoted-char / <"> )

quoted-char = "!" / "#" / "$" / "%" / "&" / "'" / "(" / ")" / "*" / "+" / "-" / "." / "/" / DIGIT / ":" / "<" / "=" / ">" / "?" / "@" / ALPHA / "[" / "]" / "^" / "_" / "`" / "{" / "|" / "}" / "~" / "" / "," / ";"

I'm not sure how to read this. I'm new at reading RFC's so if someone could explain it I would appreciate it.

I'm looking at the same spec and am similarly baffled. Perhaps this notation form is explained in one of the documents linked at the top of the spec ("this draft is submitted in conformance with..."). I'll post back here if I figure it out. My tokens have - and _ in them, don't know if I need to escape them! — heavi5ide, May 11 '11 at 20:36

score 1 · Answer 1 · answered May 11 '11 at 20:42

1

It looks like it's augmented BNF from the HTTP/1.1 spec (RFC2616):

http://www.rfc2616.com/#2.1

answered May 11 '11 at 20:42

heavi5ide

1,599
10
11

score 0 · Answer 2 · answered May 17 '11 at 16:01

0

You can simply use Base64 encode.

It doesn't use some of characters (ex. "!", "#"..) in the BNF though.

If you want to know all allowed characters,

"!" / "#" / "$" / "%" means all these characters ("!", "#", "$", "%") are allowed.

answered May 17 '11 at 16:01

nov matake

938
5
6

Need help trying to understand the OAuth2 Spec

2 Answers2