Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)
Marius Scurtescu <mscurtescu@google.com> Fri, 30 April 2010 00:22 UTC
Return-Path: <mscurtescu@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 27E1D3A6CC4 for <oauth@core3.amsl.com>; Thu, 29 Apr 2010 17:22:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.734
X-Spam-Level:
X-Spam-Status: No, score=-101.734 tagged_above=-999 required=5 tests=[AWL=0.243, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yFcwwnz3HqAY for <oauth@core3.amsl.com>; Thu, 29 Apr 2010 17:22:47 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.35]) by core3.amsl.com (Postfix) with ESMTP id 2F7643A677D for <oauth@ietf.org>; Thu, 29 Apr 2010 17:22:47 -0700 (PDT)
Received: from hpaq1.eem.corp.google.com (hpaq1.eem.corp.google.com [10.3.21.1]) by smtp-out.google.com with ESMTP id o3U0MWhs015996 for <oauth@ietf.org>; Thu, 29 Apr 2010 17:22:32 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1272586952; bh=fxMnSycqLJ6x6przcPZbRc221Bw=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type:Content-Transfer-Encoding; b=lq1SAoUQ0Iczoo4aU31poeGyJgfpGnAZsDx9x3xPTHH7kIa5Pyt7I0GdIwhmd5AiD zYS5sx2eGkX4iFalaDJ8A==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:from:date:message-id: subject:to:cc:content-type:content-transfer-encoding:x-system-of-record; b=Vt8nEmY2eGoFPXm+2hzg8Lvi0pUapBBtiEFC4MUo5en6Z5RZfzIGMneZR4yuzJwO2 Z6t2hagkabcc+zKfGem9Q==
Received: from pvd12 (pvd12.prod.google.com [10.241.209.204]) by hpaq1.eem.corp.google.com with ESMTP id o3U0MT7w005832 for <oauth@ietf.org>; Thu, 29 Apr 2010 17:22:30 -0700
Received: by pvd12 with SMTP id 12so1273169pvd.26 for <oauth@ietf.org>; Thu, 29 Apr 2010 17:22:29 -0700 (PDT)
Received: by 10.140.58.7 with SMTP id g7mr241073rva.37.1272586949247; Thu, 29 Apr 2010 17:22:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.141.14.15 with HTTP; Thu, 29 Apr 2010 17:22:09 -0700 (PDT)
In-Reply-To: <4BD9E1E3.7060107@lodderstedt.net>
References: <9890332F-E759-4E63-96FE-DB3071194D84@gmail.com> <90C41DD21FB7C64BB94121FBBC2E723438E30A379B@P3PW5EX1MB01.EX1.SECURESERVER.NET> <20100419134825.134951nuzvi35hk4@webmail.df.eu> <90C41DD21FB7C64BB94121FBBC2E723438E5C7F45E@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4BD2A172.2070401@lodderstedt.net> <4BD8869A.2080403@lodderstedt.net> <s2zc334d54e1004281425x5e714eebwcd5a91af593a62ac@mail.gmail.com> <v2j68fba5c51004282044o3a5f96cfucb1157d3884d8cd2@mail.gmail.com> <4BD9E1E3.7060107@lodderstedt.net>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Thu, 29 Apr 2010 17:22:09 -0700
Message-ID: <z2w74caaad21004291722k5058ade6k65529dfba73fd04e@mail.gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
Cc: oauth@ietf.org, jsmarr@stanfordalumni.org
Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2010 00:22:49 -0000
On Thu, Apr 29, 2010 at 12:45 PM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote: > 3.5.2. Web Server Flow > 3.5.2.2. Client Requests Access Token > > The client obtains an access token from the authorization server by > <snip> > secret_type > OPTIONAL. The access token secret type as described by > Section 5.3. If omitted, the authorization server will issue a > bearer token (an access token without a matching secret) as > described by Section 5.2. > > -------- > A client may indicate the desired response format using an Accept-Header > specifying > one of the following mime types: application/x-www-form-urlencoded, > application/xml, > or application/json. If not specified, the default response format is > application/json. > (Alternatively, the response format could be specified by a query parameter) > -------- > > For example, the client makes the following HTTPS request (line > breaks are for display purposes only): > > POST /token HTTP/1.1 > Host: server.example.com > Content-Type: application/x-www-form-urlencoded > -------- > Accept: application/json > -------- > > type=web_server&client_id=s6BhdRkqt3& > client_secret=gX1fBat3bV&code=i1WsRn1uB1& > redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb Why not allow the request to be JSON encoded as well? The only non-JSON requests and responses are those that go through the User Agent as query parameters. How about encoding with JSON in these cases as well and putting the whole JSON blob into a query parameter named like oauth_request/oauth_response? This would make all requests/responses consistent and eliminate possible collisions. Do we still have to support application/x-www-form-urlencoded? Marius
- [OAUTH-WG] application/x-www-form-urlencoded vs J… Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Richard Barnes
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Paul C. Bryan
- Re: [OAUTH-WG] application/x-www-form-urlencoded … David Recordon
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Manger, James H
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Gaurav Rastogi
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Yaron Goland
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Brian Eaton
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Manger, James H
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Yaron Goland
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Mike Moore
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Allen Tom
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Dick Hardt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … David Recordon
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Evan Gilbert
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Marius Scurtescu
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … DeWitt Clinton
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Pid
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Joseph Smarr
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Greg Brail
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Torsten Lodderstedt
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Luke Shepard
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Pid
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Paul C. Bryan
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Paul C. Bryan
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Simone Gianni
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Eran Hammer-Lahav
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Pid
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Yaron Goland
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Robert Sayre
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Greg Brail
- Re: [OAUTH-WG] application/x-www-form-urlencoded … Brian Eaton