I don't think the two are related. Request format is based on common HTTP request practice and is built-in every web client. Adding a list of parameters to a request URI is trivial. Response format on the other hand is less consistent on the client and we can improve this by specifying a well-define serialization.
I don't care about which format to use or whether we support more than one. EHL > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Yaron Goland > Sent: Friday, April 30, 2010 9:03 AM > To: Torsten Lodderstedt; Brian Eaton > Cc: oauth@ietf.org > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > (Proposal) > > I actually have a preference for application/x-www-form-urlencoded but it's > not overwhelming, the key thing I believe we need to do is have exactly one > request/response format. In other words, I don't believe we should use one > format for requests and another for responses. Just pick one for both. > Thanks, > Yaron > > > -----Original Message----- > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > Of Torsten Lodderstedt > > Sent: Friday, April 30, 2010 2:00 AM > > To: Brian Eaton > > Cc: oauth@ietf.org > > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > > (Proposal) > > > > > > Zitat von Brian Eaton <bea...@google.com>: > > > > > On Thu, Apr 29, 2010 at 2:40 PM, Mike Moore <blowm...@gmail.com> > > wrote: > > >> On Thu, Apr 29, 2010 at 2:49 PM, Yaron Goland > > >> <yar...@microsoft.com> > > wrote: > > >>> > > >>> Can we please just have one format, not 3? The more choices we > > >>> give the more interoperability suffers. > > > > > > Yes. The number of parsers needed to make a working system is > > > important. The spec has too many already. > > > > > > I'd like to see authorization servers returning JSON or XML, since > > > that's what the resource servers are doing. > > > > > > ...and given a choice between JSON and XML, I'd pick JSON. > > > > > > > I agree. At Deutsche Telekom, we try to align our authorization APIs > > with the APIs provided by the resource servers. Authorization is > > "just" a small, but important, portion of the overall process and > > aligning it with the rest increases acceptance and decreases error rate. > > > > None of the APIs we provide uses form encoding, most of them use JSON, > > some XML. > > Based on that observation I would like to see at least JSON support in > OAuth. > > So JSON as the only would be fine with me. > > > > My proposal is based on the observation that the WG did not come to a > > consensus about the one and only format. > > > > I have collected the following opinions from the thread: > > > > pro additional support for JSON and XML - Marius Scurtescu, John > > Jawed, Richard Barnes, Brian Eaton, Torsten Lodderstedt pro additional > > support for JSON - Dick Hardt (initiated the thread), Joseph Smarr > > still support application/x-www-form-urlencoded (unclear whether > > exclusively) - David Recordon, Gaurav Rastogi one format only > > (preference > > unclear) - Yaron Goland JSON as the only format (if forced to decide > > for a single format) - Brian Eaton, Torsten Lodderstedt JSON as the > > only format - James Manger, Robert Sayre > > application/x-www-form-urlencoded as the only format - Mike Moore > JSON > > for responses as well - Marius Scurtescu > > > > Here are some representative comments from the thread: > > > > Joseph Smarr - "JSON is already widely supported (presumably including > > by most APIs that you're building OAuth support to be able to access!" > > > > David Recordon - "it's drastically more complex for environments (like > > embedded hardware) which doesn't support JSON." > > > > Paul C. Bryan - "I'm struggling to imagine hardware that on the one > > hand would support OAuth, but on the other would be incapable of > > supporting JSON..." > > > > Gaurav Rastogi - "There are enough number of small embedded software > > stack where JSON is not an option." > > > > So we have at least 9 votes pro JSON, but also 1 vote for > > application/x-www- form-urlencoded only. > > > > How shall we proceed? Can we come to a consensus? > > > > regards, > > Torsten. > > > > > Cheers, > > > Brian > > > _______________________________________________ > > > OAuth mailing list > > > OAuth@ietf.org > > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > > > > > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
