@Paul, we're fixing that! I believe the code to reject access tokens over
HTTP is checked in but just not pushed yet.

On Thu, Apr 29, 2010 at 2:13 PM, Paul Lindner <lind...@inuus.com> wrote:

> I'm also not happy that they are allowing bearer-token access to these
> resources via non-SSL requests. I'd hate to see such an insecure practice
> gain traction before the protocol is even out the door.  (You just know that
> people will implement things "like facebook")
>
>
> On Thu, Apr 29, 2010 at 8:24 AM, Pelle Braendgaard <
> pe...@stakeventures.com> wrote:
>
>> Just working on adding OAuth 2.0 support to the Ruby OAuth Plugin and
>> I noticed that the Facebook documentation says to use the
>> access_token parameter like this:
>>
>>  https://graph.facebook.com/me?access_token=...
>> (http://developers.facebook.com/docs/authentication/)
>>
>> But in the specs it specifies that it should use the oauth_token
>> parameter http://tools.ietf.org/html/draft-hammer-oauth2-00#section-5.2.1:
>>
>>  When including the access token in the HTTP request URI, the client
>>   adds the access token to the request URI query component as defined
>>   by [RFC3986] using the "oauth_token" parameter.
>>
>>  For example, the client makes the following HTTPS request:
>>
>>
>>     GET /resource?oauth_token=vF9dft4qmT HTTP/1.1
>>     Host: server.example.com
>>
>> Does anyone know what the deal is? Will Facebook also support
>> oauth_token or will we have to support both types?
>>
>> P
>>
>> --
>> http://agree2.com - Reach Agreement!
>> http://extraeagle.com - Solutions for the electronic Extra Legal world
>> http://stakeventures.com - Bootstrapping blog
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
>

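As an added example (not part of the thread, and not code from the Ruby OAuth Plugin or Facebook): a resource-server-side check in Ruby that accepts either query parameter name discussed above but refuses any query-string token that arrived over plain HTTP, and masks tokens before a URL is logged. It assumes the server can reconstruct the full request URL including its scheme; the function, constant and error names are hypothetical.

```ruby
require "uri"

# Added example; names below are hypothetical, not the Ruby OAuth Plugin's API.
# Query parameters named in the thread: the draft's and Facebook's.
TOKEN_PARAMS = %w[oauth_token access_token].freeze

class InsecureTransport < StandardError; end
class AmbiguousToken < StandardError; end

# Returns the token carried in the query string, or nil if there is none.
# Assumes request_url is the full URL as the server received it.
def extract_query_token(request_url)
  uri = URI.parse(request_url)
  tokens = URI.decode_www_form(uri.query.to_s)
              .select { |name, value| TOKEN_PARAMS.include?(name) && !value.empty? }
              .map { |_name, value| value }
  return nil if tokens.empty?
  # A bearer token that crossed plain HTTP is already exposed: refuse it.
  raise InsecureTransport, "token sent without TLS" unless uri.scheme.to_s.downcase == "https"
  raise AmbiguousToken, "conflicting token parameters" if tokens.uniq.size > 1
  tokens.first
end

# Masks token values so the URL can be written to an access log.
def redact_tokens(request_url)
  uri = URI.parse(request_url)
  pairs = URI.decode_www_form(uri.query.to_s).map do |name, value|
    [name, TOKEN_PARAMS.include?(name) ? "REDACTED" : value]
  end
  uri.query = URI.encode_www_form(pairs) unless pairs.empty?
  uri.to_s
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests; the token value is the one in the quoted draft.
  [
    "https://server.example.com/resource?oauth_token=vF9dft4qmT",
    "https://server.example.com/resource?access_token=vF9dft4qmT",
    "http://server.example.com/resource?oauth_token=vF9dft4qmT",
    "https://server.example.com/resource?oauth_token=a&access_token=b",
  ].each do |url|
    result = begin
      extract_query_token(url) ? "accepted" : "no token"
    rescue InsecureTransport, AmbiguousToken => e
      "rejected (#{e.message})"
    end
    puts "#{redact_tokens(url)} -> #{result}"
  end
end
```

Behind a TLS-terminating proxy the scheme has to come from a header set by that proxy and trusted only from it, not from the client.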