On Mon, Apr 19, 2010 at 9:50 PM, Dick Hardt <dick.ha...@gmail.com> wrote: > > On 2010-04-19, at 9:46 PM, Peter Saint-Andre wrote: > >> On 4/18/10 6:46 PM, Dick Hardt wrote: >> >>> Given the practice that the authorization endpoint and the redirect_uri >>> can contain URI query parameters, then differentiating between >>> application specific query parameters and OAuth protocol parameters by >>> prefixing the OAuth parameters with oauth_ would seem a useful way to >>> minimize conflicts. >> >> Can't application developers avoid conflicts by giving their parameters >> names other than those already used in OAuth? > > If changing the parameters is available to them. They may be trying to shimmy > OAuth into an existing system.
Even if the developer can chose a parameter that is not used by OAuth right now, he/she has no guarantee that this parameter name will not be introduced by a future version of the spec. > I don't know how common the issue is, just pointing out why the prefix was > there in the past. Yes, chances for a collision are very small, but still, well worth using the prefix IMO. Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
