Re: [OAUTH-WG] Facebook updates to Draft 10

Are you sure ?

http://stackoverflow.com/questions/2366260/whats-valid-and-whats-not-in-a-uri-query/2375597#2375597

On 10 sept. 2010, at 17:00, Eran Hammer-Lahav <eran@hueniverse.com> wrote:

> That's not true. Both spaces and commas have to be encoded in form-encoded query parameters.
> 
> EHL
> 
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
>> Of Olivier POITREY
>> Sent: Friday, September 10, 2010 1:47 AM
>> To: Paul Tarjan
>> Cc: OAuth WG
>> Subject: Re: [OAUTH-WG] Facebook updates to Draft 10
>> 
>> Hi Paul,
>> 
>> Your implementation (and most other oAuth 2.0 implementations I've seen
>> so far) are not using whitespace delimiter for the scope field. As I'm currently
>> working on an oAuth 2.0 implementation for Dailymotion, I'm wondering why
>> nobody seems to follow this part of the spec and use comas instead of
>> whitespaces. Note that I would prefer coma over whitespace, whitespace
>> have to be encoded and I find it a bit counter intuitive for this field.
>> 
>> Best,
>> 
>> 
>> On 9 sept. 2010, at 20:43, Paul Tarjan wrote:
>> 
>>> Hi Fellow OAuthers,
>>> 
>>> We just updated our Graph API's OAuth2 implementation to be draft 10
>> complaint. Yay!
>>> 
>>> Well, I should say we are pretty close to draft 10. Some places we differ:
>>> 
>>> * For now errors are not in the standard format :( This would break
>> backwards compatibility and existing applications, so we are only going to
>> turn it on for opted in applications until the spec is finalized. If anyone wants
>> to use the new formats, send me your Facebook app's ID and I'll opt you in.
>>> * if grant_type is not included, it is assumed to be "authorization_code"
>> since that is what draft-00 did.
>>> * If response_type is not included, it is assumed to be "code" since that is
>> what draft-00 did.
>>> 
>>> When the spec is finalized, we plan on doing a single opt-in migration for all
>> non-backwards compatible changes. New application will be automatically on
>> the final version, and older applications will have a time period to update.
>>> 
>>> Some new things you can do:
>>> 
>>> Here are a few links showing some of the new parameters to help you with
>> discovery:
>>> code_and_token:
>>> 
>> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&re
>> direct_uri=http://paulisageek.com/facebook/app/&response_type=code_a
>> nd_token
>>> token:
>>> 
>> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&re
>> direct_uri=http://paulisageek.com/facebook/app/&response_type=token
>>> new error format:
>>> 
>> http://graph.facebook.com/oauth/access_token?client_id=15062924494816
>> 4&redirect_uri=http://paulisageek.com/facebook/app/
>>> error redirects:
>>> 
>> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&re
>> direct_uri=http://paulisageek.com/facebook/app/&grant_type=junky_junk
>>> 
>>> Feel free to ask questions and let me know if there are any places you
>> don't think we are spec complaint. We plan on keeping up with changes as
>> we all run this last mile to the final version.
>>> 
>>> Thanks!
>>> Paul
>>> 
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth