Re: [OAUTH-WG] Facebook updates to Draft 10

Paul Tarjan <paul.tarjan@facebook.com> Fri, 10 September 2010 13:19 UTC

Hi Olivier,

We should be accepting both (since we are trying to be backwards compatible with Draft 00).

http://graph.facebook.com/oauth/authorize?client_id=150629244948164&redirect_uri=http://paulisageek.com/facebook/app/&scope=publish_stream%20offline_access%20xmpp_login

Does one of our docs pages recommend a comma-separated string? If so, please send me the URL and I'll update it.

Paul

On Sep 10, 2010, at 4:46 AM, Olivier POITREY wrote:

> Hi Paul,
> 
> Your implementation (and most other OAuth 2.0 implementations I've seen so far) are not using the whitespace delimiter for the scope field. As I'm currently working on an OAuth 2.0 implementation for Dailymotion, I'm wondering why nobody seems to follow this part of the spec and use commas instead of whitespaces. Note that I would prefer comma over whitespace; whitespace has to be encoded and I find it a bit counterintuitive for this field.
> 
> Best,
> 
> 
> On 9 sept. 2010, at 20:43, Paul Tarjan wrote:
> 
>> Hi Fellow OAuthers,
>> 
>> We just updated our Graph API's OAuth2 implementation to be draft 10 compliant. Yay!
>> 
>> Well, I should say we are pretty close to draft 10. Some places we differ:
>> 
>> * For now errors are not in the standard format :( This would break backwards compatibility and existing applications, so we are only going to turn it on for opted-in applications until the spec is finalized. If anyone wants to use the new formats, send me your Facebook app's ID and I'll opt you in.
>> * If grant_type is not included, it is assumed to be "authorization_code" since that is what draft-00 did.
>> * If response_type is not included, it is assumed to be "code" since that is what draft-00 did.
>> 
>> When the spec is finalized, we plan on doing a single opt-in migration for all non-backwards compatible changes. New applications will be automatically on the final version, and older applications will have a time period to update.
>> 
>> Some new things you can do:
>> 
>> Here are a few links showing some of the new parameters to help you with discovery:
>> code_and_token: 
>> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&redirect_uri=http://paulisageek.com/facebook/app/&response_type=code_and_token
>> token: 
>> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&redirect_uri=http://paulisageek.com/facebook/app/&response_type=token
>> new error format:
>> http://graph.facebook.com/oauth/access_token?client_id=150629244948164&redirect_uri=http://paulisageek.com/facebook/app/
>> error redirects:
>> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&redirect_uri=http://paulisageek.com/facebook/app/&grant_type=junky_junk
>> 
>> Feel free to ask questions and let me know if there are any places you don't think we are spec compliant. We plan on keeping up with changes as we all run this last mile to the final version.
>> 
>> Thanks!
>> Paul
>> 
>
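
The behaviour discussed in this thread (a `scope` value accepted with either the Draft 10 space delimiter or the legacy comma delimiter, and `response_type` defaulting to "code"), sketched as an added example that is not part of the original messages and is not Facebook's code. The function names, the allowlist, the client ID and the redirect URI are assumptions made for the illustration; the three scope names are the ones in the URL above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical allowlist; the names are the scopes used in the thread's URL.
KNOWN_SCOPES = {"publish_stream", "offline_access", "xmpp_login"}

# Constructed sample requests: same scopes, two delimiters.
SPACE_URL = ("https://as.example/oauth/authorize?client_id=1234"
             "&redirect_uri=https://client.example/cb"
             "&scope=publish_stream%20offline_access%20xmpp_login")
COMMA_URL = SPACE_URL.replace("%20", ",")


def parse_scope(raw):
    """Split a URL-decoded scope value on whitespace or commas.

    Returns the scopes in request order without duplicates and rejects
    anything outside the allowlist, so a delimiter the server does not
    expect cannot turn into one unrecognised "scope" that is passed on.
    """
    result = []
    for token in re.split(r"[\s,]+", raw):
        if not token:
            continue  # leading/trailing delimiter or empty scope
        if token not in KNOWN_SCOPES:
            raise ValueError(f"unknown scope: {token!r}")
        if token not in result:
            result.append(token)
    return result


def parse_authorize_request(url):
    """Parse an authorization request URL into normalized parameters."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in query.items():
        if len(values) > 1:
            # Repeated parameters are ambiguous; refuse rather than pick one.
            raise ValueError(f"duplicate parameter: {name}")
    params = {name: values[0] for name, values in query.items()}
    # Backwards-compatible default described in the thread (draft-00 behaviour).
    params.setdefault("response_type", "code")
    params["scope"] = parse_scope(params.get("scope", ""))
    return params


if __name__ == "__main__":
    for sample in (SPACE_URL, COMMA_URL):
        print(parse_authorize_request(sample))
```
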