Re: [OAUTH-WG] OAuth Request JSON Encoding

Tom Jones <thomasclinganjones@gmail.com> Mon, 13 July 2020 15:21 UTC

Return-Path: <thomasclinganjones@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38FDF3A1380 for <oauth@ietfa.amsl.com>; Mon, 13 Jul 2020 08:21:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cj8Q96nw5NTm for <oauth@ietfa.amsl.com>; Mon, 13 Jul 2020 08:21:10 -0700 (PDT)
Received: from mail-oi1-x231.google.com (mail-oi1-x231.google.com [IPv6:2607:f8b0:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF3FF3A167F for <oauth@ietf.org>; Mon, 13 Jul 2020 08:20:08 -0700 (PDT)
Received: by mail-oi1-x231.google.com with SMTP id y22so11253103oie.8 for <oauth@ietf.org>; Mon, 13 Jul 2020 08:20:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KdWd8obSHTmyk8OS0KZBjj1e4TcIMaf6r8MNKFBl0RE=; b=CqBV1g6ZLTvtUQQk2PxKFd7bjOcWaZI+l/ortKe98Gu5gaoHK9Yuz6/zFc3oZjfKKx 11yYEqx4EnxWZwB09b6QWFxIe0LwP/e3Wxeub/cQJO5L9fgbWkLPALbw44FM2ZlJY83m FTAh4lHc2z3JE3qlezqSvDIpT4MynMf2fC5Ct7Yc4iXr0f1NE0tAF5E+Gde+JOQheIlO oj65C+yFICE9q9aG7wkKAoLnXnFbw6YM4M/x/KA2f1UTmX/dBAV/1VwMgPoKMFxOlCSZ tVkMysUIO4qeDrfNuuw0RqcGroPvgAqGSPdLdlG2FbdzU3MN0/dwn0Nq48I+lLYTo5Zn PoSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KdWd8obSHTmyk8OS0KZBjj1e4TcIMaf6r8MNKFBl0RE=; b=ng5r1b4UVdSlZNZjASyvYKpQK+YdAaTaktZ48UHOSL5YEVttANl/tRlk7JESwmn1m/ zscV/iQBk6WhP3ZQDMqgxla0f9EZ38cSfMQ2uM50/uK5dXBaBTUhM6MUM1k+pODKN+IM 0dKKMa7sk+cJkdfMOXUAWcn5N0Uu3uEfGJB/ckqT9PDzHl50lowXenEvNm8YYDEf4jTu 5K0OT18earMNzivYr80+Huz2r5HTmc4SNKXW+M4C1HfgIWmVNtthuVS2zqtsj7m97Z5o b7OOyun8C27mdhEp5zbVNZ1lU85WFvsmfLxRhATbtofCT8aO42P3tNKypyZBE8dCtQL0 atRQ==
X-Gm-Message-State: AOAM533quB97BOKeUj38zq3Fukxtf+A1HMmnszr96m1QvedrZhJuyPw2 xKZMJQQVrQmV9CvRj3er179npGLexuKEJUp120k=
X-Google-Smtp-Source: ABdhPJw9XKET0RzDPCxyzEFtSewxRFDaJPUENHVWhPxd37iYBdeFFzJG1ZBqwAavQeTbGtXhzHvSThek4EzkMKBnpQU=
X-Received: by 2002:aca:aa57:: with SMTP id t84mr319649oie.131.1594653607989; Mon, 13 Jul 2020 08:20:07 -0700 (PDT)
MIME-Version: 1.0
References: <0E71D133-A516-4F1C-92CB-36F181B1BA4A@mit.edu>
In-Reply-To: <0E71D133-A516-4F1C-92CB-36F181B1BA4A@mit.edu>
From: Tom Jones <thomasclinganjones@gmail.com>
Date: Mon, 13 Jul 2020 08:19:55 -0700
Message-ID: <CAK2Cwb4XLL0gWwY8XCSmfe=hGE0G5RFFUf-FQE_DhHR1KYtb_w@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d81e3d05aa5439fc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/HuE7vGvOuQYVshQxonRi975Gu28>
Subject: Re: [OAUTH-WG] OAuth Request JSON Encoding
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2020 15:21:12 -0000

What, exactly is json encoding? It sounds like a python or java method.
Afaik json can be encoded in utf 8 16 or 32. But form encoding is limited
to ascii or even to base64url
. Is that the point. Will GNAP specify one encoding?

thx ..Tom (mobile)

On Thu, Jul 9, 2020, 12:29 PM Justin Richer <jricher@mit.edu> wrote:

> In the ten years since OAuth started, we’ve seen a huge shift away from
> form encoding to JSON encoding for sending data to a server. And yet, OAuth
> is stuck with form encoding. So I thought, why can’t we change that?
>
> I put together a quick proposal for how this would work.
>
> https://www.ietf.org/id/draft-richer-oauth-json-request-00.html
>
> The basic idea is that you take the map of form inputs and make it into a
> JSON object. For some fields, like scope and authorization_details, you can
> define a JSON-specific encoding to make use of object and array structures
> native to JSON. You also don’t have to url-encode values inside the JSON
> strings.
>
> Caveat, I haven’t tried implementing this yet, but I think it’s not likely
> to be that difficult for either the client or server side of things. At
> worst it seems like it’d be a pretty simple middleware function.
> Functionality can be detected at the AS by the content negotiation in HTTP
> (client sends content-type of JSON), and can be advertised as an option in
> the metadata (or in an OPTIONS call to the token endpoint, to be more
> HTTP-friendly).
>
>  — Justin
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>