Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

David Recordon <recordond@gmail.com> Wed, 05 May 2010 16:21 UTC

Return-Path: <recordond@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 64FE53A6ADA for <oauth@core3.amsl.com>; Wed, 5 May 2010 09:21:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.175
X-Spam-Level:
X-Spam-Status: No, score=-1.175 tagged_above=-999 required=5 tests=[AWL=-1.320, BAYES_20=-0.74, HTML_FONT_FACE_BAD=0.884, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RQ1x3WJRubdV for <oauth@core3.amsl.com>; Wed, 5 May 2010 09:21:06 -0700 (PDT)
Received: from mail-iw0-f196.google.com (mail-iw0-f196.google.com [209.85.223.196]) by core3.amsl.com (Postfix) with ESMTP id 95EF23A6858 for <oauth@ietf.org>; Wed, 5 May 2010 09:17:07 -0700 (PDT)
Received: by iwn34 with SMTP id 34so6710563iwn.23 for <oauth@ietf.org>; Wed, 05 May 2010 09:16:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=gsyTDW36f/O+wfWv4kkJGvlbh6AM+7Q7lT43RKBajy8=; b=krBYyTM7k60sXEe97FNdQ1wbIp/UtaVWfgRCsLEi7kd4IG4Qy/krYnZ5TFyilj9gWz n3gCcEL431HttG21FDTeA43yk5ukfFi/xWYz5N0F/aaBAlLj1wVI8sBGUZtNLf6DtaLX cPnAeKi/cbvofWNp4hRGuxvRc2pq4mAIg8M20=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=BgeOKjfbDf9wTyC3XJBHC6yHQ7t9Yfh4qiSDFJzwlPkcx8AfLFc9hRRPOMvTtp1w4a iNJEqU24glGmv0lh2GM4cT1dTyE5eDF/f4bs3QkbkGZUyj/Br0n3pnviiHcrwZk8b72G ir2foRNseP3k7bqap7uJ3yJ5R0lWAfHYVTKHQ=
MIME-Version: 1.0
Received: by 10.231.173.129 with SMTP id p1mr191981ibz.85.1273076211564; Wed, 05 May 2010 09:16:51 -0700 (PDT)
Received: by 10.231.183.195 with HTTP; Wed, 5 May 2010 09:16:51 -0700 (PDT)
In-Reply-To: <AANLkTik3NSJynWfiNWovruPEOT2Y6G1zcWPFOaS_pHdy@mail.gmail.com>
References: <9890332F-E759-4E63-96FE-DB3071194D84@gmail.com> <s2zc334d54e1004281425x5e714eebwcd5a91af593a62ac@mail.gmail.com> <v2j68fba5c51004282044o3a5f96cfucb1157d3884d8cd2@mail.gmail.com> <4BD9E1E3.7060107@lodderstedt.net> <7C01E631FF4B654FA1E783F1C0265F8C4A3EF0B0@TK5EX14MBXC115.redmond.corp.microsoft.com> <z2yf5bedd151004291440g17693f8du9e19a649bef925e4@mail.gmail.com> <w2odaf5b9571004291509x8895a73k384a4b4ddb12b794@mail.gmail.com> <20100430105935.20255m8kdythy6sc@webmail.df.eu> <90C41DD21FB7C64BB94121FBBC2E723439323D0DB0@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTik3NSJynWfiNWovruPEOT2Y6G1zcWPFOaS_pHdy@mail.gmail.com>
Date: Wed, 05 May 2010 09:16:51 -0700
Message-ID: <o2wfd6741651005050916qf3f418aeg11d31bd36c4f0731@mail.gmail.com>
From: David Recordon <recordond@gmail.com>
To: Marius Scurtescu <mscurtescu@google.com>
Content-Type: multipart/alternative; boundary="001485eba2cc5cc2100485db27a1"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2010 16:21:07 -0000

As long as we spec that the response can only contain one parameter (either
"error" or "access_token") then the code to parse it in PHP is as follows:

list($param, $value) = explode('=', $response, 2);
if ($param == 'access_token') {
} elseif ($param == 'error') {
}


If it can contain more than one value, then parsing becomes more difficult
and JSON starts to make sense.

--David


On Wed, May 5, 2010 at 8:42 AM, Marius Scurtescu <mscurtescu@google.com>wrote:

> On Wed, May 5, 2010 at 8:28 AM, Eran Hammer-Lahav <eran@hueniverse.com>
> wrote:
> > I'll add something to the draft and we'll discuss it. There is enough
> consensus on a single JSON response format.
>
> Yesterday I got the following feedback:
>
> On Tue, May 4, 2010 at 5:43 PM, Greg Robbins <grobbins@google.com> wrote:
> > Using JSON on the iPhone requires developers to drag in source code for a
> > third-party library.
> >
> > If their app isn't already relying on JSON for some other purpose, then
> > adding a third-party library is a somewhat substantial annoyance,
> > particularly for a mobile app where code size is important.
> >
> > If OAuth 2 is only intended for use with JSON APIs, then returning all
> > responses as JSON is reasonable. Otherwise, it's not so reasonable. A
> full
> > JSON parser is non-trivial, and seems like overkill for simple responses.
> >
> > The iPhone OS does have libxml2 and an event-style XML parser, but no
> really
> > easy way to extract data from XML, either.
> >
> > Form-style responses are much more straightforward to worth with given
> > simple string-manipulation utilities.
>
> If the above is true, then I am not so sure about JSON anymore. Lots
> of phones and devices will have problems with it.
>
> Marius
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>