Re: [OAUTH-WG] Facebook updates to Draft 10

Olivier POITREY <rs@dailymotion.com> Fri, 10 September 2010 08:46 UTC

From: Olivier POITREY <rs@dailymotion.com>
To: Paul Tarjan <paul.tarjan@facebook.com>
Date: Fri, 10 Sep 2010 10:46:49 +0200
Cc: OAuth WG <oauth@ietf.org>

Hi Paul,

Your implementation (and most other OAuth 2.0 implementations I've seen so far) is not using the whitespace delimiter for the scope field. As I'm currently working on an OAuth 2.0 implementation for Dailymotion, I'm wondering why nobody seems to follow this part of the spec and use commas instead of whitespace. Note that I would prefer comma over whitespace; whitespace has to be encoded, and I find it a bit counterintuitive for this field.

Best,


On 9 sept. 2010, at 20:43, Paul Tarjan wrote:

> Hi Fellow OAuthers,
> 
> We just updated our Graph API's OAuth2 implementation to be draft 10 compliant. Yay!
> 
> Well, I should say we are pretty close to draft 10. Some places we differ:
> 
> * For now errors are not in the standard format :( This would break backwards compatibility and existing applications, so we are only going to turn it on for opted-in applications until the spec is finalized. If anyone wants to use the new formats, send me your Facebook app's ID and I'll opt you in.
> * If grant_type is not included, it is assumed to be "authorization_code" since that is what draft-00 did.
> * If response_type is not included, it is assumed to be "code" since that is what draft-00 did.
> 
> When the spec is finalized, we plan on doing a single opt-in migration for all non-backwards compatible changes. New applications will automatically be on the final version, and older applications will have a time period to update.
> 
> Some new things you can do:
> 
> Here are a few links showing some of the new parameters to help you with discovery:
> code_and_token: 
> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&redirect_uri=http://paulisageek.com/facebook/app/&response_type=code_and_token
> token: 
> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&redirect_uri=http://paulisageek.com/facebook/app/&response_type=token
> new error format:
> http://graph.facebook.com/oauth/access_token?client_id=150629244948164&redirect_uri=http://paulisageek.com/facebook/app/
> error redirects:
> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&redirect_uri=http://paulisageek.com/facebook/app/&grant_type=junky_junk
> 
> Feel free to ask questions and let me know if there are any places you don't think we are spec compliant. We plan on keeping up with changes as we all run this last mile to the final version.
> 
> Thanks!
> Paul
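
The scope delimiter question raised in this message, as an added example that is not part of the original e-mail or of any implementation named in it: a server-side scope parser that is strict (space-delimited) by default, can optionally accept the comma form, and fails closed on anything else. The function names, the token character set (which deliberately excludes the comma) and the scope names `read` and `write` are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: a scope token is printable ASCII without space, '"', ',' or '\'.
# Excluding ',' is a choice made here so the two delimiter styles cannot be confused.
_TOKEN = re.compile(r"[\x21\x23-\x2B\x2D-\x5B\x5D-\x7E]+")


def parse_scope(raw, allow_comma=False):
    """Split a decoded scope value into ordered, de-duplicated tokens."""
    sep = r"[ ,]+" if allow_comma else r" +"
    tokens = [t for t in re.split(sep, raw) if t]
    for t in tokens:
        if not _TOKEN.fullmatch(t):
            raise ValueError(f"invalid scope token: {t!r}")
    return list(dict.fromkeys(tokens))


def requested_scope(query, registered, allow_comma=False):
    """Extract scope from a request query string; fail closed on anything unexpected."""
    values = parse_qs(query, keep_blank_values=True).get("scope", [])
    if len(values) > 1:
        raise ValueError("scope parameter sent more than once")
    tokens = parse_scope(values[0] if values else "", allow_comma)
    unknown = [t for t in tokens if t not in registered]
    if unknown:
        raise ValueError(f"unregistered scope: {unknown}")
    return tokens


REGISTERED = {"read", "write"}  # constructed scope names

if __name__ == "__main__":
    # "+" and "%20" both decode to a space; the comma form needs allow_comma=True.
    for q in ("scope=read+write", "scope=read%20write", "scope=read,write"):
        print(q, "->", requested_scope(q, REGISTERED, allow_comma=True))
```

In strict mode a comma-delimited value is rejected outright rather than being read as one scope named `read,write`, so a client written against the other convention gets an error instead of a silently different grant.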