Why is the token returned in the fragment using form-encoding? This makes no sense. It should be a JSON string for the following reasons:
1. All token responses should be the same, which will enable returning structured responses in the future as needed. 2. Using fragments is specifically done to accommodate the user-agent environment, which means JavaScript. Why create extra work when JSON.parse() does it for you for free. Returning the authorization code alone using form-encoded in the query still makes sense. EHL
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
