Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

Robert Sayre <sayrer@gmail.com> Wed, 05 May 2010 17:27 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0F9033A6C1E for <oauth@core3.amsl.com>; Wed, 5 May 2010 10:27:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.05
X-Spam-Level:
X-Spam-Status: No, score=-4.05 tagged_above=-999 required=5 tests=[AWL=0.549, BAYES_00=-2.599, GB_I_LETTER=-2]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tstIHTIhj5Sx for <oauth@core3.amsl.com>; Wed, 5 May 2010 10:27:39 -0700 (PDT)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by core3.amsl.com (Postfix) with ESMTP id A9B1F28C175 for <oauth@ietf.org>; Wed, 5 May 2010 10:25:42 -0700 (PDT)
Received: by vws9 with SMTP id 9so299303vws.31 for <oauth@ietf.org>; Wed, 05 May 2010 10:25:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=nhSPCuhoXPE+Ci2Aqm0dzWvgTyyJecREMPHnecqIjw4=; b=AAGz9G1tyIbumsSiTh5l0syfV4xKCuL0j75QCc+ft3jN5ibNFwlI2A/9isB75vUbNK jJXPIQk6RCPlhRCQlAbt8QFFp8EVj0OGiRA0v236B04EzYrhR7/SrzaxHoMJGCcX5FA/ ExaNeX/aEhBsEU+fskMBnru3H8mTVyLI/RuOA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=psRma9uybiG7/zmpZO8SmGJ+u/CPoFfHGfVvhpdyzFDi8TAWXcVDpIOd7gG7A4aQfh 3fKTQnRhyulfq5HpbXI9K3+VbinrZW1UwZbbKPQTUmJ1A51fu3xkKOzUJjfb6wTQTHCR wV52LJranCCIP1udRAk3EVRRWfi315lCy1HEw=
MIME-Version: 1.0
Received: by 10.229.185.1 with SMTP id cm1mr3239057qcb.57.1273080329246; Wed, 05 May 2010 10:25:29 -0700 (PDT)
Received: by 10.229.99.142 with HTTP; Wed, 5 May 2010 10:24:59 -0700 (PDT)
In-Reply-To: <AANLkTilA40XmbIShf3m139IodJRCWUvAouyuHbWcgga7@mail.gmail.com>
References: <9890332F-E759-4E63-96FE-DB3071194D84@gmail.com> <s2zc334d54e1004281425x5e714eebwcd5a91af593a62ac@mail.gmail.com> <v2j68fba5c51004282044o3a5f96cfucb1157d3884d8cd2@mail.gmail.com> <4BD9E1E3.7060107@lodderstedt.net> <7C01E631FF4B654FA1E783F1C0265F8C4A3EF0B0@TK5EX14MBXC115.redmond.corp.microsoft.com> <z2yf5bedd151004291440g17693f8du9e19a649bef925e4@mail.gmail.com> <w2odaf5b9571004291509x8895a73k384a4b4ddb12b794@mail.gmail.com> <20100430105935.20255m8kdythy6sc@webmail.df.eu> <90C41DD21FB7C64BB94121FBBC2E723439323D0DB0@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTilA40XmbIShf3m139IodJRCWUvAouyuHbWcgga7@mail.gmail.com>
Date: Wed, 05 May 2010 13:24:59 -0400
Message-ID: <t2k68fba5c51005051024k70c424e8xac898ef9711c1e47@mail.gmail.com>
From: Robert Sayre <sayrer@gmail.com>
To: Evan Gilbert <uidude@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2010 17:27:41 -0000

On Wed, May 5, 2010 at 1:06 PM, Evan Gilbert <uidude@google.com> wrote:
>
>
> On Wed, May 5, 2010 at 8:28 AM, Eran Hammer-Lahav <eran@hueniverse.com>
> wrote:
>>
>> I'll add something to the draft and we'll discuss it. There is enough
>> consensus on a single JSON response format.
>
> Responses that are returned via a browser URL should
> be application/x-www-form-urlencoded.

I'm not sure I understand here, could you explain in more detail?

> These parameters are standard to parse
> in any HTTP handling library

Any HTTP handling library will claim to support it, but I doubt very
many non-browser libraries match the HTML5 spec. Don't you find the
requirements there to be complex relative to JSON?

> and JSON only adds complexity and external
> library requirements.

Anything in a browser won't care either way. And won't other HTTP
clients likely end up talking to a JSON API anyway?

>
>  But if we support both JSON and application/x-www-form-urlencoded

That is design-by-committee. Let's not do that.

-- 

Robert Sayre

"I would have written a shorter letter, but I did not have the time."