Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)
Evan Gilbert <uidude@google.com> Wed, 05 May 2010 18:00 UTC
Return-Path: <uidude@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C50673A6A37 for <oauth@core3.amsl.com>; Wed, 5 May 2010 11:00:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.526
X-Spam-Level:
X-Spam-Status: No, score=-104.526 tagged_above=-999 required=5 tests=[AWL=-0.964, BAYES_40=-0.185, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b+sEoNQ1dvKB for <oauth@core3.amsl.com>; Wed, 5 May 2010 11:00:07 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id 5B3153A68CD for <oauth@ietf.org>; Wed, 5 May 2010 11:00:07 -0700 (PDT)
Received: from kpbe12.cbf.corp.google.com (kpbe12.cbf.corp.google.com [172.25.105.76]) by smtp-out.google.com with ESMTP id o45HxqC2017602 for <oauth@ietf.org>; Wed, 5 May 2010 10:59:53 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1273082393; bh=w7yX7i6u/VOUmE4FVYG9TNZWvOI=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=a9IvSZluLrQtFSTS3WRJqpaxNgx0OvWo12zRVbMqcT8xSbzvHFyDP4IjxvVVvMACM iLzfNpnud0ZXtR8I9QENw==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:from:date:message-id: subject:to:cc:content-type:x-system-of-record; b=NxrDnBkl0dVF4RNMk7QEnB+lwoclm9zohBe+a+SbwwEUtuusIFodQzekpG/TPVMYK M+nbgsQK9+UOnlfeA2Bgg==
Received: from vws10 (vws10.prod.google.com [10.241.21.138]) by kpbe12.cbf.corp.google.com with ESMTP id o45Hxp9j032112 for <oauth@ietf.org>; Wed, 5 May 2010 10:59:51 -0700
Received: by vws10 with SMTP id 10so2695262vws.23 for <oauth@ietf.org>; Wed, 05 May 2010 10:59:50 -0700 (PDT)
Received: by 10.229.245.68 with SMTP id lt4mr4622548qcb.71.1273082388607; Wed, 05 May 2010 10:59:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.7.136 with HTTP; Wed, 5 May 2010 10:59:26 -0700 (PDT)
In-Reply-To: <4BE1AF25.7000308@lodderstedt.net>
References: <9890332F-E759-4E63-96FE-DB3071194D84@gmail.com> <v2j68fba5c51004282044o3a5f96cfucb1157d3884d8cd2@mail.gmail.com> <4BD9E1E3.7060107@lodderstedt.net> <7C01E631FF4B654FA1E783F1C0265F8C4A3EF0B0@TK5EX14MBXC115.redmond.corp.microsoft.com> <z2yf5bedd151004291440g17693f8du9e19a649bef925e4@mail.gmail.com> <w2odaf5b9571004291509x8895a73k384a4b4ddb12b794@mail.gmail.com> <20100430105935.20255m8kdythy6sc@webmail.df.eu> <90C41DD21FB7C64BB94121FBBC2E723439323D0DB0@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTik3NSJynWfiNWovruPEOT2Y6G1zcWPFOaS_pHdy@mail.gmail.com> <4BE1AF25.7000308@lodderstedt.net>
From: Evan Gilbert <uidude@google.com>
Date: Wed, 05 May 2010 10:59:26 -0700
Message-ID: <AANLkTil2_9KOm1eRoC0jxvH99E55K3BEW-T5cgWLay9H@mail.gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Content-Type: multipart/alternative; boundary="001485f9a73e8bf8610485dc974c"
X-System-Of-Record: true
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2010 18:00:08 -0000
On Wed, May 5, 2010 at 10:47 AM, Torsten Lodderstedt < torsten@lodderstedt.net> wrote: > Even if not supported directly by the platform there are many JSON > libraries available these days. > It's not hard to add JSON support, but it's a factor in the choice. > > http://www.json.org/ lists 3 libraries for Objective-C alone. > > Moreover, the JSON documents we are discussing now are simple, something > like > > > { "access_token": "SlAV32hkKG", "expires_in": "3600", "refresh_token": > "8xLOxBtZp8" } > > Parsing such a document is not a challenge even without library support. > Per notes above - the client needs to do understand form encoding anyway. The client needs to parse the redirect_uri and also needs to generate form encoded requests. > > Regarding code size: What really matters on mobile devices from my point of > view is the size of data to be transmitted. Here, JSON is much more compact > than XML. > > regards, > Torsten. > > Am 05.05.2010 17:42, schrieb Marius Scurtescu: > > On Wed, May 5, 2010 at 8:28 AM, Eran Hammer-Lahav<eran@hueniverse.com> >> wrote: >> >> >>> I'll add something to the draft and we'll discuss it. There is enough >>> consensus on a single JSON response format. >>> >>> >> Yesterday I got the following feedback: >> >> On Tue, May 4, 2010 at 5:43 PM, Greg Robbins<grobbins@google.com> wrote: >> >> >>> Using JSON on the iPhone requires developers to drag in source code for a >>> third-party library. >>> >>> If their app isn't already relying on JSON for some other purpose, then >>> adding a third-party library is a somewhat substantial annoyance, >>> particularly for a mobile app where code size is important. >>> >>> If OAuth 2 is only intended for use with JSON APIs, then returning all >>> responses as JSON is reasonable. Otherwise, it's not so reasonable. A >>> full >>> JSON parser is non-trivial, and seems like overkill for simple responses. >>> >>> The iPhone OS does have libxml2 and an event-style XML parser, but no >>> really >>> easy way to extract data from XML, either. >>> >>> Form-style responses are much more straightforward to worth with given >>> simple string-manipulation utilities. >>> >>> >> If the above is true, then I am not so sure about JSON anymore. Lots >> of phones and devices will have problems with it. >> >> Marius >> >> > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] application/x-www-form-urlencoded vs J… Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Richard Barnes
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … David Recordon
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Paul C. Bryan
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Manger, James H
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Gaurav Rastogi
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Yaron Goland
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Brian Eaton
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Manger, James H
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Yaron Goland
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Allen Tom
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … David Recordon
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … DeWitt Clinton
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Pid
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Greg Brail
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Luke Shepard
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Pid
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Paul C. Bryan
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Paul C. Bryan
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Simone Gianni
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Pid
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Yaron Goland
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Greg Brail
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Brian Eaton