IETF Logo Mail Archive

Re: [OAUTH-WG] Facebook updates to Draft 10

Eran Hammer-Lahav <eran@hueniverse.com> Fri, 10 September 2010 14:56 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 288DA3A68D7 for <oauth@core3.amsl.com>; Fri, 10 Sep 2010 07:56:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.486
X-Spam-Level:
X-Spam-Status: No, score=-2.486 tagged_above=-999 required=5 tests=[AWL=0.113, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RGCY3V+WUfre for <oauth@core3.amsl.com>; Fri, 10 Sep 2010 07:56:13 -0700 (PDT)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by core3.amsl.com (Postfix) with SMTP id E1A2B3A6835 for <oauth@ietf.org>; Fri, 10 Sep 2010 07:56:12 -0700 (PDT)
Received: (qmail 7073 invoked from network); 10 Sep 2010 14:56:39 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.19) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 10 Sep 2010 14:56:39 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.20]) by P3PW5EX1HT001.EX1.SECURESERVER.NET ([72.167.180.19]) with mapi; Fri, 10 Sep 2010 07:56:38 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Olivier POITREY <rs@dailymotion.com>, Paul Tarjan <paul.tarjan@facebook.com>
Date: Fri, 10 Sep 2010 07:56:33 -0700
Thread-Topic: [OAUTH-WG] Facebook updates to Draft 10
Thread-Index: ActQxEd/W65K/OQ3QK62MGCuarE2qQANAGbg
Message-ID: <90C41DD21FB7C64BB94121FBBC2E72343B3F3F06F1@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <116056AD-0AC4-4BD9-BCF4-C4D2A75CF9D6@facebook.com> <2ED35478-18D0-452C-AF4C-C5556809A97A@dailymotion.com>
In-Reply-To: <2ED35478-18D0-452C-AF4C-C5556809A97A@dailymotion.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Facebook updates to Draft 10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Sep 2010 14:56:14 -0000

That's not true. Both spaces and commas have to be encoded in form-encoded query parameters.

EHL

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Olivier POITREY
> Sent: Friday, September 10, 2010 1:47 AM
> To: Paul Tarjan
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] Facebook updates to Draft 10
> 
> Hi Paul,
> 
> Your implementation (and most other oAuth 2.0 implementations I've seen
> so far) are not using whitespace delimiter for the scope field. As I'm currently
> working on an oAuth 2.0 implementation for Dailymotion, I'm wondering why
> nobody seems to follow this part of the spec and use comas instead of
> whitespaces. Note that I would prefer coma over whitespace, whitespace
> have to be encoded and I find it a bit counter intuitive for this field.
> 
> Best,
> 
> 
> On 9 sept. 2010, at 20:43, Paul Tarjan wrote:
> 
> > Hi Fellow OAuthers,
> >
> > We just updated our Graph API's OAuth2 implementation to be draft 10
> complaint. Yay!
> >
> > Well, I should say we are pretty close to draft 10. Some places we differ:
> >
> > * For now errors are not in the standard format :( This would break
> backwards compatibility and existing applications, so we are only going to
> turn it on for opted in applications until the spec is finalized. If anyone wants
> to use the new formats, send me your Facebook app's ID and I'll opt you in.
> > * if grant_type is not included, it is assumed to be "authorization_code"
> since that is what draft-00 did.
> > * If response_type is not included, it is assumed to be "code" since that is
> what draft-00 did.
> >
> > When the spec is finalized, we plan on doing a single opt-in migration for all
> non-backwards compatible changes. New application will be automatically on
> the final version, and older applications will have a time period to update.
> >
> > Some new things you can do:
> >
> > Here are a few links showing some of the new parameters to help you with
> discovery:
> > code_and_token:
> >
> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&re
> direct_uri=http://paulisageek.com/facebook/app/&response_type=code_a
> nd_token
> > token:
> >
> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&re
> direct_uri=http://paulisageek.com/facebook/app/&response_type=token
> > new error format:
> >
> http://graph.facebook.com/oauth/access_token?client_id=15062924494816
> 4&redirect_uri=http://paulisageek.com/facebook/app/
> > error redirects:
> >
> http://graph.facebook.com/oauth/authorize?client_id=150629244948164&re
> direct_uri=http://paulisageek.com/facebook/app/&grant_type=junky_junk
> >
> > Feel free to ask questions and let me know if there are any places you
> don't think we are spec complaint. We plan on keeping up with changes as
> we all run this last mile to the final version.
> >
> > Thanks!
> > Paul
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email