Thanks David, glad to hear that these changes are coming.

On Thu, Apr 29, 2010 at 11:35 AM, David Recordon <record...@gmail.com> wrote:

> @Paul, we're fixing that! I believe the code to reject access tokens over
> HTTP is checked in but just not pushed yet.
>
> On Thu, Apr 29, 2010 at 2:13 PM, Paul Lindner <lind...@inuus.com> wrote:
>
>> I'm also not happy that they are allowing bearer-token access to these
>> resources via non-SSL requests. I'd hate to see such an insecure practice
>> gain traction before the protocol is even out the door. (You just know that
>> people will implement things "like facebook")
>>
>> On Thu, Apr 29, 2010 at 8:24 AM, Pelle Braendgaard
>> <pe...@stakeventures.com> wrote:
>>
>>> Just working on adding OAuth 2.0 support to the Ruby OAuth Plugin and
>>> I noticed that the facebook documentation says to use the
>>> access_token parameter like this:
>>>
>>> https://graph.facebook.com/me?access_token=...
>>> (http://developers.facebook.com/docs/authentication/)
>>>
>>> But in the specs it specifies that it should use the oauth_token
>>> parameter
>>> http://tools.ietf.org/html/draft-hammer-oauth2-00#section-5.2.1 :
>>>
>>>    When including the access token in the HTTP request URI, the client
>>>    adds the access token to the request URI query component as defined
>>>    by [RFC3986] using the "oauth_token" parameter.
>>>
>>>    For example, the client makes the following HTTPS request:
>>>
>>>      GET /resource?oauth_token=vF9dft4qmT HTTP/1.1
>>>      Host: server.example.com
>>>
>>> Does anyone know what the deal is? Will Facebook also support
>>> oauth_token or will we have to support both types?
>>>
>>> P
>>>
>>> --
>>> http://agree2.com - Reach Agreement!
>>> http://extraeagle.com - Solutions for the electronic Extra Legal world
>>> http://stakeventures.com - Bootstrapping blog
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
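
The two points raised in this thread (a resource server refusing bearer tokens on non-SSL requests, and a token arriving as either "oauth_token" or "access_token") can be checked in one place. The Ruby below is an added example, not code from the thread, the Ruby OAuth Plugin or Facebook; the helper name, its return values, the reject reasons and the sample URIs are assumptions made for illustration.

```ruby
require "uri"

# "oauth_token" is the name in draft-hammer-oauth2-00 section 5.2.1;
# "access_token" is the name shown in the Facebook documentation quoted above.
TOKEN_PARAMS = %w[oauth_token access_token].freeze

# Hypothetical helper. Inspects a request URI and returns one of:
#   [:ok, token]       token present and the request used HTTPS
#   [:reject, reason]  token on a cleartext request, ambiguous, or malformed
#   [:none, nil]       no bearer token in the query component
def bearer_token_from_uri(request_uri)
  uri = URI.parse(request_uri)
  pairs = URI.decode_www_form(uri.query.to_s)
  found = pairs.select { |name, _| TOKEN_PARAMS.include?(name) }

  return [:none, nil] if found.empty?
  # A bearer token is usable by anyone who observes it, so a request that
  # carried one over plain HTTP is refused rather than served.
  unless uri.scheme.to_s.downcase == "https"
    return [:reject, "token sent over non-SSL request"]
  end
  # Two token parameters leave it unclear which one is authoritative.
  return [:reject, "multiple token parameters"] if found.size > 1

  token = found.first.last
  return [:reject, "empty token"] if token.empty?
  [:ok, token]
rescue URI::InvalidURIError, ArgumentError
  [:reject, "malformed request URI"]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests (token value taken from the draft's example).
  [
    "https://server.example.com/resource?oauth_token=vF9dft4qmT",
    "https://server.example.com/resource?access_token=vF9dft4qmT",
    "http://server.example.com/resource?oauth_token=vF9dft4qmT",
    "https://server.example.com/resource?oauth_token=a&access_token=b",
    "https://server.example.com/resource"
  ].each { |u| puts "#{u} -> #{bearer_token_from_uri(u).inspect}" }
end
```

A server that rejects a token for arriving over HTTP should also treat that token as exposed, since it has already crossed the network in cleartext.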