I have a preference to *not* have the "oauth_" prefix on parameters when redirecting back, but could be convinced.
The argument about collisions makes sense, but I think there are no known conflicts and you can always add a redirection layer if a conflict arises in the future and a web serving framework is unwilling to change. (I've become less of a fan of namespacing over the years - my default has switched to waiting until there is a known conflict to solve) Evan On Sun, Apr 18, 2010 at 9:10 PM, Dick Hardt <dick.ha...@gmail.com> wrote: > > On 2010-04-18, at 9:04 PM, Marius Scurtescu wrote: > > > On Sun, Apr 18, 2010 at 5:46 PM, Dick Hardt <dick.ha...@gmail.com> > wrote: > >> Since calls to the token endpoint use POST, there can not be any > confusion > >> between the parameters in the body of the message and URI query > parameters > > > > Unfortunately in the Java world there is confusion between POST and > > GET parameters. The servlet specification mixes parameters from both > > sources and makes them available as one map. > > Perhaps you should use a real web language like Perl? :) > > Since the user user is not present in calls to the token endpoint, I don't > see the same requirements for adding URI query parameters, but point taken. > > -- Dick > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth