Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

[Eran Hammer-Lahav <eran@hueniverse.com>]

I'll add something to the draft and we'll discuss it. There is enough consensus on a single JSON response format.

EHL
  

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Torsten Lodderstedt
> Sent: Friday, April 30, 2010 2:00 AM
> To: Brian Eaton
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON
> (Proposal)
> 
> 
> Zitat von Brian Eaton <beaton@google.com>:
> 
> > On Thu, Apr 29, 2010 at 2:40 PM, Mike Moore <blowmage@gmail.com>
> wrote:
> >> On Thu, Apr 29, 2010 at 2:49 PM, Yaron Goland <yarong@microsoft.com>
> wrote:
> >>>
> >>> Can we please just have one format, not 3? The more choices we give
> >>> the more interoperability suffers.
> >
> > Yes.  The number of parsers needed to make a working system is
> > important.  The spec has too many already.
> >
> > I'd like to see authorization servers returning JSON or XML, since
> > that's what the resource servers are doing.
> >
> > ...and given a choice between JSON and XML, I'd pick JSON.
> >
> 
> I agree. At Deutsche Telekom, we try to align our authorization APIs with the
> APIs provided by the resource servers. Authorization is "just" a small, but
> important, portion of the overall process and aligning it with the rest
> increases acceptance and decreases error rate.
> 
> None of the APIs we provide uses form encoding, most of them use JSON,
> some XML.
> Based on that observation I would like to see at least JSON support in OAuth.
> So JSON as the only would be fine with me.
> 
> My proposal is based on the observation that the WG did not come to a
> consensus about the one and only format.
> 
> I have collected the following opinions from the thread:
> 
> pro additional support for JSON and XML - Marius Scurtescu, John Jawed,
> Richard Barnes, Brian Eaton, Torsten Lodderstedt pro additional support for
> JSON - Dick Hardt (initiated the thread), Joseph Smarr still support
> application/x-www-form-urlencoded (unclear whether
> exclusively) - David Recordon, Gaurav Rastogi one format only (preference
> unclear) - Yaron Goland JSON as the only format (if forced to decide for a
> single format) - Brian Eaton, Torsten Lodderstedt JSON as the only format -
> James Manger, Robert Sayre application/x-www-form-urlencoded as the
> only format - Mike Moore JSON for responses as well - Marius Scurtescu
> 
> Here are some representative comments from the thread:
> 
> Joseph Smarr - "JSON is already widely supported (presumably including by
> most APIs that you're building OAuth support to be able to access!"
> 
> David Recordon - "it's drastically more complex for environments (like
> embedded hardware) which doesn't support JSON."
> 
> Paul C. Bryan - "I'm struggling to imagine hardware that on the one hand
> would support OAuth, but on the other would be incapable of supporting
> JSON..."
> 
> Gaurav Rastogi - "There are enough number of small embedded software
> stack where JSON is not an option."
> 
> So we have at least 9 votes pro JSON, but also 1 vote for application/x-www-
> form-urlencoded only.
> 
> How shall we proceed? Can we come to a consensus?
> 
> regards,
> Torsten.
> 
> > Cheers,
> > Brian
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> >
> 
> 
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth