diff --git a/public/source/index.php b/public/source/index.php index 341df94..69e36f4 100644 --- a/public/source/index.php +++ b/public/source/index.php @@ -469,6 +469,8 @@
  • code_verifier - The original plaintext random string generated before starting the authorization request.
    • +

    The POST request parameters MUST be formatted following how [[!URL]] defines application/x-www-form-urlencoded. The POST request MUST define the Content-Type and Accept HTTP headers as application/x-www-form-urlencoded and application/json respectively.

    + Example request to authorization endpoint 
    
         
    Access Token Verification Request
    
 
-        
    If a resource server needs to verify that an access token is valid, it MUST make a GET request to the token endpoint containing an HTTP Authorization header with the Bearer Token according to [[!RFC6750]]. Note that the request to the endpoint will not contain any user-identifying information, so the resource server (e.g. Micropub endpoint) will need to know via out-of-band methods which token endpoint is in use.
    
+        
    If a resource server needs to verify that an access token is valid, it MUST make a GET request to the token endpoint containing an HTTP Authorization header with the Bearer Token according to [[!RFC6750]] and an HTTP Accept header set to application/json. Note that the request to the endpoint will not contain any user-identifying information, so the resource server (e.g. Micropub endpoint) will need to know via out-of-band methods which token endpoint is in use.
    
 
         
    GET https://example.org/token
   Authorization: Bearer xxxxxxxx
@@ -855,6 +857,7 @@
         
    Changes from 26 September 2020 to this version