Re: [OAUTH-WG] Issue: state in web server flow

Eran Hammer-Lahav <eran@hueniverse.com> Mon, 19 April 2010 18:53 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Marius Scurtescu <mscurtescu@google.com>, Dick Hardt <dick.hardt@gmail.com>
Date: Mon, 19 Apr 2010 11:53:42 -0700
Thread-Topic: [OAUTH-WG] Issue: state in web server flow
Thread-Index: Acrf5EbNdoKROtsaQ3qZeEw88z+1gAADQAmg
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723438E5C7F1BF@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <1E39CE38-763E-4E3D-96D4-DC757BD53B9D@gmail.com> <90C41DD21FB7C64BB94121FBBC2E723438E30A379E@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4776FFF7-45E6-4945-9548-382A9DB84A95@gmail.com> <r2v74caaad21004191017id7c48d54lc5ced6e9e164591e@mail.gmail.com>
In-Reply-To: <r2v74caaad21004191017id7c48d54lc5ced6e9e164591e@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Issue: state in web server flow
List-Id: OAUTH WG <oauth.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>

> -----Original Message-----
> From: Marius Scurtescu [mailto:mscurtescu@google.com]
> Sent: Monday, April 19, 2010 10:18 AM

> I don't think it is possible to enforce callbacks without any query parameters.
> See the Drupal example.

In the Drupal example the client server adds its silly parameters internally. They are not included in what the client provides as its callback URI. 

Can you give an actual callback URI example?

Also, if the client requires query parameters in its callback, it just means it cannot use the client state OAuth parameter.

EHL
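The point under discussion is whether a client callback URI that already carries its own query parameters can still receive the authorization server's response parameters, including the client state parameter used to bind the redirect back to the client's session. The following is an added example, not code from this thread or from any OAuth implementation: it assumes the response parameters are named `code` and `state` (as in the web server flow being discussed), appends them to a callback URI while preserving whatever query string the client already had, refuses a callback that tries to pre-populate a reserved parameter name, and shows the client-side state comparison.

```python
"""Added example (not from the thread): appending OAuth response
parameters to a client callback URI that may already carry a query
string, plus the client's check of the returned state value."""
import secrets
from typing import Dict, Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed response parameter names for the web server flow.
RESERVED = {"code", "state"}


def add_response_params(callback_uri: str, params: Dict[str, str]) -> str:
    """Return callback_uri with params appended to its query string.

    Existing client-supplied query parameters are kept in order, so a
    callback such as https://client.example/cb?q=drupal&page=2 still
    reaches the client with q and page intact.
    """
    parts = urlsplit(callback_uri)
    query = parse_qsl(parts.query, keep_blank_values=True)
    # A callback that already uses a protocol-owned name is ambiguous on
    # return (which "state" is the real one?), so reject it up front.
    clash = {k for k, _ in query} & RESERVED & set(params)
    if clash:
        raise ValueError("callback already uses reserved parameter(s): %s"
                         % sorted(clash))
    query.extend(params.items())
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query), parts.fragment))


def new_state() -> str:
    """Unguessable per-request state, stored in the user's session."""
    return secrets.token_urlsafe(32)


def state_matches(expected: str, received: Optional[str]) -> bool:
    """Client-side check: the state echoed back must equal the stored one."""
    if received is None:
        return False
    return secrets.compare_digest(expected, received)


def extract_response(redirected_uri: str) -> Dict[str, str]:
    """Pull code/state out of the redirect the client actually receives."""
    query = dict(parse_qsl(urlsplit(redirected_uri).query,
                           keep_blank_values=True))
    return {k: v for k, v in query.items() if k in RESERVED}


if __name__ == "__main__":
    # Constructed sample values; "abc123" stands in for a real code.
    st = new_state()
    cb = "https://client.example/cb?q=drupal&page=2"
    back = add_response_params(cb, {"code": "abc123", "state": st})
    got = extract_response(back)
    print(back)
    print("state ok:", state_matches(st, got.get("state")))
```

Because `urlencode` is fed the parsed list of pairs, the client's own parameters come through untouched and the protocol's parameters are simply appended; a client that needs query parameters in its callback therefore still gets the state parameter, provided it does not reuse the reserved names itself.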