> > I couldn't find a conclusion to the May 2010 discussions about using x-www- > > form-urlencoded vs. json nor a rationale in the spec for using JSON. Why do > > I > > need to add a JSON lexer/parser to my library just to get key-value pairs > > that > > can be represented by form-urlencoded? > > Every modern platform has a JSON parser.
While JSON is widespread, it is an additional requirement. I've done some work to define and XML encoding for OAuth tokens here: http://tools.ietf.org/html/draft-richer-oauth-xml-00 The draft still needs to be updated to point to the right sections of the OAuth2 spec, but the mechanics are still valid. The point of this is similar to your contention: if I'm already speaking one wire format (XML), why would I want to deal with JSON just to do my auth step? If you'd like to try defining a key-value encoding, we can publish an extension draft for that as well. -- Justin _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
