Re: [OAUTH-WG] draft-ietf-oauth-dyn-reg-11 section 4.1
Justin Richer <jricher@mitre.org> Thu, 06 June 2013 16:40 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CAB521F9402 for <oauth@ietfa.amsl.com>; Thu, 6 Jun 2013 09:40:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jpbbQOaAwOay for <oauth@ietfa.amsl.com>; Thu, 6 Jun 2013 09:40:29 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id CB2C821F8233 for <oauth@ietf.org>; Thu, 6 Jun 2013 09:40:28 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 324FA226006F; Thu, 6 Jun 2013 12:40:28 -0400 (EDT)
Received: from IMCCAS01.MITRE.ORG (imccas01.mitre.org [129.83.29.78]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 1B5391F05D7; Thu, 6 Jun 2013 12:40:27 -0400 (EDT)
Received: from [10.146.15.13] (129.83.31.56) by IMCCAS01.MITRE.ORG (129.83.29.78) with Microsoft SMTP Server (TLS) id 14.2.342.3; Thu, 6 Jun 2013 12:40:27 -0400
Message-ID: <51B0BB4B.4050606@mitre.org>
Date: Thu, 06 Jun 2013 12:39:39 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: Tim Bray <twbray@google.com>
References: <CA+ZpN27-anFCKX7os5SrU_0eRE2RJPg2z1xpqTDKUwe2ZhoHtQ@mail.gmail.com>
In-Reply-To: <CA+ZpN27-anFCKX7os5SrU_0eRE2RJPg2z1xpqTDKUwe2ZhoHtQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------030605030506070302060807"
X-Originating-IP: [129.83.31.56]
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-dyn-reg-11 section 4.1
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jun 2013 16:40:34 -0000
We added this text to give examples of how to form the URL so that server developers would be able to see common patterns. Without this text, I heard from developers who thought that it *must* require a client_id query parameter, or that it *must* be a URL template, or that it *must* be different from the client registration endpoint at all. None of those are the case. The fact that there are several valid ways to implement this shows that we need some kind of guidance, and the fact is that it doesn't actually matter *what* the URL is at the end of the day as long as the client doesn't manipulate it and the server can make sense of it. They also help enforce the point that clients MUST use the URL as-is without adding anything to it. There were some folks who thought that they client would need to take the URL as given by the server and add a query parameter to it, and that's not the case. If this can be written better, I'd appreciate improved text or more examples, but I don't think that we can delete the guidance. -- Justin On 06/05/2013 05:00 PM, Tim Bray wrote: > Section 4.1. Forming the Client Configuration Endpoint URL > > Why not discard the last three paragraphs? Server side implementers > have a problem in how to create a client-config endpoint & remember > what it applies to. I can think of several different ways you could > approach this, the spec guidance is superfluous. > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth