I am talking about the resource server. Specifically I want to be able to
quickly determine if an incoming request is 1.0a vs 2.0.  And since this is
a library it can't make a lot of assumptions about the specific environment
it's running in.

At first I thought I would check the oauth_version parameter.  It turns out
the 1.0a spec says that it is optional.  The only one that is required for
1.0a is oauth_signature_method.

Sadly we're long past time to change the spec to optimize for this use-case.
(It would have been better to have a parameter for oauth 2.0 that is
distinct from 1.0a.)  At the very least this message will live on in the
mailing list archives -- at best we document the proper way to distinguish
between the two versions somewhere.

On Thu, Jun 10, 2010 at 8:44 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:

> The request is very different on the resource server. On the authorization
> server, why would you use the same endpoint?
>
>
>
> EHL
>
>
>
> *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf
> Of *Paul Lindner
> *Sent:* Thursday, June 10, 2010 8:24 AM
> *To:* OAuth WG (oauth@ietf.org)
> *Subject:* [OAUTH-WG] Identifying OAuth 2.0 vs 1.0 requests
>
>
>
> Hi,
>
>
>
> As I've been working through our oauth2 implementation I've noticed that
> it's not easy to disambiguate OAuth 1.0a vs 2.0 API calls based on the
> request parameters alone.  Based on some investigation at the Shindig
> project it appears that the only standard way to determine 1.0a vs 2.0 is
> by checking for the oauth_signature_method parameter.  More info here:
>
>
>
> https://issues.apache.org/jira/browse/SHINDIG-1361
>
>
>
> Has anyone else considered this use case?  How did you solve it?
>
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
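
The check discussed in this thread, as an added example that is not part of the original messages or of Shindig's code: a resource-server helper that looks for oauth_signature_method in each place OAuth 1.0a allows protocol parameters (Authorization header, form-encoded body, query string) and ignores the optional oauth_version. The function names, host name and sample values are assumptions made up for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The one parameter the thread identifies as always present in a 1.0a request.
DISCRIMINATOR = "oauth_signature_method"

# name="value" pairs inside an "Authorization: OAuth ..." header.
_PAIR = re.compile(r'([A-Za-z0-9_.~%-]+)\s*=\s*"([^"]*)"')

# Constructed sample header, not captured traffic.
SAMPLE_1_0A_HEADER = (
    'OAuth realm="photos", oauth_consumer_key="ck", oauth_token="tk", '
    'oauth_signature_method="HMAC-SHA1", oauth_signature="abc%3D"'
)


def header_params(authorization):
    """Parse protocol parameters from an Authorization header with the OAuth scheme."""
    if not authorization:
        return {}
    scheme, _, rest = authorization.strip().partition(" ")
    if scheme.lower() != "oauth":
        return {}
    # Names and values are percent-encoded inside the header.
    return {unquote(k): unquote(v) for k, v in _PAIR.findall(rest)}


def request_params(url, authorization=None, body=None, content_type=""):
    """Merge parameters from the query string, a form-encoded body and the header."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    media_type = content_type.split(";")[0].strip().lower()
    # A body only counts when it is form-encoded; JSON or binary bodies are skipped.
    if body and media_type == "application/x-www-form-urlencoded":
        params.update(parse_qsl(body, keep_blank_values=True))
    params.update(header_params(authorization))
    return params


def is_oauth_1_0a(url, authorization=None, body=None, content_type=""):
    """True when oauth_signature_method is present; oauth_version is not consulted."""
    return DISCRIMINATOR in request_params(url, authorization, body, content_type)
```

The result only routes the request to a handler; that handler still has to verify the 1.0a signature or validate the 2.0 token before granting access.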