OAuth tokens as a form-encoded element in a post body? Yes. Keep it. -- Justin
On Thu, 2010-07-01 at 14:47 -0400, Marius Scurtescu wrote: > On Thu, Jul 1, 2010 at 11:42 AM, William Mills <wmi...@yahoo-inc.com> wrote: > > > > > >> -----Original Message----- > >> From: Marius Scurtescu [mailto:mscurte...@google.com] > >> Sent: Thursday, July 01, 2010 11:36 AM > >> To: Eran Hammer-Lahav > >> Cc: William Mills; Rob Richards; oauth@ietf.org > >> Subject: Re: [OAUTH-WG] Versioning > >> > >> On Thu, Jul 1, 2010 at 11:24 AM, Eran Hammer-Lahav > >> <e...@hueniverse.com> wrote: > >> > > >> > If you would like to discuss a version for the header, > >> please provide examples and requirements for what changes in > >> the future you would like to support. > >> > >> Not sure about the future, but looking at OAuth 1 vs OAuth 2. > >> A protected resource request filter may want to decide early > >> what protocol it deals with so it can call the appropriate > >> handler, or to enforce HTTPS for OAuth 2 for example. Sure, > >> it can apply heuristics right now, but it would be nice to > >> have a more deterministic way which can also be extended in > >> the future. You can always embed the protocol version inside > >> the token I guess, so I don't think this is a huge issue. > > > > Yeah, unfortunately early selection of a handler might require peeking into > > the post body. > > Is anybody really using or needing this feature? Can we drop this option? > > Marius > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
