Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

From: Luke Shepard [mailto:lshep...@facebook.com] Sent: Tuesday, April 20, 2010 10:04 AM To: jsm...@stanfordalumni.org; Eran Hammer-Lahav Cc: Marius Scurtescu; OAuth WG Subject: RE: [OAUTH-WG] Issue: prefixing parameters with oauth_ I know we are all identity geeks and love to know the protocol we

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

Hammer-Lahav Cc: Marius Scurtescu; OAuth WG Subject: Re: [OAUTH-WG] Issue: prefixing parameters with oauth_ I'm normally no fan of namespaces or other forms of needless complexity, and it's true that PoCo dropped the pdata_ prefixes to all its query parameters that we'd originally pr

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

; > Sent: Tuesday, April 20, 2010 3:38 AM > > To: Peter Saint-Andre > > Cc: Marius Scurtescu; OAuth WG > > Subject: Re: [OAUTH-WG] Issue: prefixing parameters with oauth_ > > > > On Apr 20, 2010, at 12:46 AM, Peter Saint-Andre wrote: > > > > > On

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of John Kemp > Sent: Tuesday, April 20, 2010 3:38 AM > To: Peter Saint-Andre > Cc: Marius Scurtescu; OAuth WG > Subject: Re: [OAUTH-WG] Issue: prefixing parameters with

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

On 4/19/10 11:01 PM, Marius Scurtescu wrote: > On Mon, Apr 19, 2010 at 9:50 PM, Dick Hardt wrote: >> >> On 2010-04-19, at 9:46 PM, Peter Saint-Andre wrote: >> >>> On 4/18/10 6:46 PM, Dick Hardt wrote: >>> Given the practice that the authorization endpoint and the redirect_uri can contain

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

On Apr 20, 2010, at 12:46 AM, Peter Saint-Andre wrote: > On 4/18/10 6:46 PM, Dick Hardt wrote: > >> Given the practice that the authorization endpoint and the redirect_uri >> can contain URI query parameters, then differentiating between >> application specific query parameters and OAuth protocol

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

On Mon, Apr 19, 2010 at 9:50 PM, Dick Hardt wrote: > > On 2010-04-19, at 9:46 PM, Peter Saint-Andre wrote: > >> On 4/18/10 6:46 PM, Dick Hardt wrote: >> >>> Given the practice that the authorization endpoint and the redirect_uri >>> can contain URI query parameters, then differentiating between >>

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

On 2010-04-19, at 9:46 PM, Peter Saint-Andre wrote: > On 4/18/10 6:46 PM, Dick Hardt wrote: > >> Given the practice that the authorization endpoint and the redirect_uri >> can contain URI query parameters, then differentiating between >> application specific query parameters and OAuth protocol p

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

On 4/18/10 6:46 PM, Dick Hardt wrote: > Given the practice that the authorization endpoint and the redirect_uri > can contain URI query parameters, then differentiating between > application specific query parameters and OAuth protocol parameters by > prefixing the OAuth parameters with oauth_ wou

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

On Mon, Apr 19, 2010 at 10:19 AM, Marius Scurtescu wrote: > On Mon, Apr 19, 2010 at 7:28 AM, Evan Gilbert wrote: > > I have a preference to *not* have the "oauth_" prefix on parameters when > > redirecting back, but could be convinced. > > The argument about collisions makes sense, but I think th

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

On Mon, Apr 19, 2010 at 7:28 AM, Evan Gilbert wrote: > I have a preference to *not* have the "oauth_" prefix on parameters when > redirecting back, but could be convinced. > The argument about collisions makes sense, but I think there are no known > conflicts and you can always add a redirection l

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

I have a preference to *not* have the "oauth_" prefix on parameters when redirecting back, but could be convinced. The argument about collisions makes sense, but I think there are no known conflicts and you can always add a redirection layer if a conflict arises in the future and a web serving fra

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

On 2010-04-18, at 9:04 PM, Marius Scurtescu wrote: > On Sun, Apr 18, 2010 at 5:46 PM, Dick Hardt wrote: >> Since calls to the token endpoint use POST, there can not be any confusion >> between the parameters in the body of the message and URI query parameters > > Unfortunately in the Java world

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

On Sun, Apr 18, 2010 at 5:46 PM, Dick Hardt wrote: > Since calls to the token endpoint use POST, there can not be any confusion > between the parameters in the body of the message and URI query parameters Unfortunately in the Java world there is confusion between POST and GET parameters. The serv

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

I'm happy to hear that Facebook engineers are enjoying their job. In choosing between long and ambiguous, I think we need to choose long. We could shorten the prefix to oa_. Would that help? :) On 2010-04-18, at 6:42 PM, David Recordon wrote: > While Facebook platform engineers were quite dubi

Re: [OAUTH-WG] Issue: prefixing parameters with oauth_

While Facebook platform engineers were quite dubios of no oauth_ prefix after hacking on a draft implementation their opinion has changed. They're now really enjoying shorter and cleaner paramater names and found them to be easier to document and no more difficult to implement. On Sun, Apr 18, 20

[OAUTH-WG] Issue: prefixing parameters with oauth_

(restarting discussion from http://groups.google.com/group/oauth-ietf-wg/browse_thread/thread/8aeb31817ead4c2a/f19773643e0a8ba3?pli=1 with matching subject) Given the practice that the authorization endpoint and the redirect_uri can contain URI query parameters, then differentiating bet