Hi Yves,

Thanks for the patch and your efforts!

Do you have a rebased version of this patch for me to try? Also, I would like
to see some test cases/examples of how this is used. That will help me do a
full review. Still, I've read the patch and here are my comments for now:

My first reaction to for example the Curl_output_mac() function is that it is
a lot of magic functionality with very little comments.

Curl_output_mac() should also not have to figure out the default port numbers
based on the conn->handler pointer, it can just use conn->remote_port.

When you #define macros, I think you should define them outside of the
funtions so that the definition is clearly not part of the function. I can't
see why you define and use CURL_OUTPUT_BEARER_CONV as its only used once.

There's a bunch of case sensitive string comparisons. That seems a little
unorthodox in protocol land. Are you sure they're not case insensitive in the
protocol?

Why the new curlx_tvgettimeofday() implementation? curlx_tvnow() is there
already, and if it isn't good enough I figure that's what should fixed. Or am
I missing something?

You're suggesting three new functions to the libcurl API but there's no docs
for them. I'm not at all happy with new functions dedicated solely for a
particular auth method for a particular protocol...

Several of the functions are define with the starting brace on the right side
of the function intead of in column 0 on the first line of the function.

Your patch modifies unrelated code in getparameter() where you've changed a
bunch of calls to str2unum() etc. Those changes may be fine, but how are they
oauth2 related?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html