Hi David,

Just a couple of follow-up questions, which I probably could test myself, but if you know off the top of your head it would be great to document here:

- Do you support the Authorize header or Post encoded variations?
- Do you also support the oauth_token field?
- Do you support the signed version or only the bearer version of the resource access protocol?

Thanks for your help so we can get more library support out there ASAP.

Pelle

On Thu, Apr 29, 2010 at 2:35 PM, David Recordon <record...@gmail.com> wrote:
> @Paul, we're fixing that! I believe the code to reject access tokens over
> HTTP is checked in but just not pushed yet.
>
> On Thu, Apr 29, 2010 at 2:13 PM, Paul Lindner <lind...@inuus.com> wrote:
>>
>> I'm also not happy that they are allowing bearer-token access to these
>> resources via non-SSL requests. I'd hate to see such an insecure practice
>> gain traction before the protocol is even out the door. (You just know that
>> people will implement things "like facebook")
>>
>> On Thu, Apr 29, 2010 at 8:24 AM, Pelle Braendgaard
>> <pe...@stakeventures.com> wrote:
>>>
>>> Just working on adding OAuth 2.0 support to the Ruby OAuth Plugin and
>>> I noticed that the Facebook documentation says to use the
>>> access_token parameter like this:
>>>
>>> https://graph.facebook.com/me?access_token=...
>>> (http://developers.facebook.com/docs/authentication/)
>>>
>>> But in the specs it specifies that it should use the oauth_token
>>> parameter http://tools.ietf.org/html/draft-hammer-oauth2-00#section-5.2.1
>>> :
>>>
>>>    When including the access token in the HTTP request URI, the client
>>>    adds the access token to the request URI query component as defined
>>>    by [RFC3986] using the "oauth_token" parameter.
>>>
>>>    For example, the client makes the following HTTPS request:
>>>
>>>
>>>      GET /resource?oauth_token=vF9dft4qmT HTTP/1.1
>>>      Host: server.example.com
>>>
>>> Does anyone know what the deal is? Will Facebook also support
>>> oauth_token or will we have to support both types?
>>>
>>> P
>>>
>>> --
>>> http://agree2.com - Reach Agreement!
>>> http://extraeagle.com - Solutions for the electronic Extra Legal world
>>> http://stakeventures.com - Bootstrapping blog
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth

--
http://agree2.com - Reach Agreement!
http://extraeagle.com - Solutions for the electronic Extra Legal world
http://stakeventures.com - Bootstrapping blog
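
An added example, not part of the thread and not code from the Ruby OAuth Plugin: one way a library could handle both query parameter names discussed above (oauth_token from the draft, access_token from the Facebook documentation) while refusing to send or accept a bearer token over plain HTTP. The method names, the TokenError class and the token values are hypothetical.

```ruby
require "uri"

# Parameter names taken from the thread; all other names are hypothetical.
TOKEN_PARAMS = %w[oauth_token access_token].freeze

class TokenError < StandardError; end

def https?(uri)
  uri.scheme.to_s.downcase == "https"
end

# Resource-server side: return the bearer token carried in the request URI,
# or nil when the request carries none.
def extract_bearer_token(request_url)
  uri = URI.parse(request_url)
  pairs = URI.decode_www_form(uri.query || "")
  tokens = pairs.select { |name, _| TOKEN_PARAMS.include?(name) }.map(&:last)
  return nil if tokens.empty?
  # A bearer token seen on a cleartext request is exposed; reject it.
  raise TokenError, "bearer token sent without TLS" unless https?(uri)
  # Two parameters naming different tokens is ambiguous; do not pick one.
  raise TokenError, "conflicting token parameters" if tokens.uniq.size > 1
  raise TokenError, "empty token" if tokens.first.empty?
  tokens.first
end

# Client side: attach the token under the name the provider expects,
# and never build a request that would leak it over HTTP.
def with_bearer_token(resource_url, token, param: "oauth_token")
  uri = URI.parse(resource_url)
  raise TokenError, "refusing to send bearer token over #{uri.scheme}" unless https?(uri)
  raise ArgumentError, "unknown token parameter #{param}" unless TOKEN_PARAMS.include?(param)
  # Drop any stale token parameter so only one value is ever sent.
  pairs = URI.decode_www_form(uri.query || "").reject { |name, _| TOKEN_PARAMS.include?(name) }
  uri.query = URI.encode_www_form(pairs + [[param, token]])
  uri.to_s
end
```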