On Thu, Jun 10, 2010 at 10:42 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > But in that case, all the other oauth_* parameters are missing. It's trivial.
An OAuth 1 filter will interpret this as broken OAuth 1 authentication. Marius > > EHL > >> -----Original Message----- >> From: Marius Scurtescu [mailto:mscurte...@google.com] >> Sent: Thursday, June 10, 2010 10:39 AM >> To: Paul Lindner >> Cc: Eran Hammer-Lahav; OAuth WG (oauth@ietf.org) >> Subject: Re: [OAUTH-WG] Identifying OAuth 2.0 vs 1.0 requests >> >> I run into the same issue. In section "4.2. URI Query Parameter", it would >> help if the parameter name, oauth_token, was different from OAuth 1. >> >> Marius >> >> >> >> On Thu, Jun 10, 2010 at 9:41 AM, Paul Lindner <lind...@inuus.com> wrote: >> > I am talking about the resource server. Specifically I want to be able >> > to quickly determine if an incoming request is 1.0a vs 2.0. And since >> > this is a library it can't make a lot of assumptions about the >> > specific environment it's running in. >> > At first I thought I would check the oauth_version parameter. It >> > turns out the 1.0a spec says that it is optional. The only one that >> > is required for 1.0a is oauth_signature_method. >> > Sadly we're long past time to change the spec to optimize for this >> > use-case. >> > (It would have been better to have a parameter for oauth 2.0 that is >> > distinct from 1.0a) At the very least this message will live on in >> > the mailing list archives -- at best we document the proper way to >> > distinguish between the two versions somewhere. >> > On Thu, Jun 10, 2010 at 8:44 AM, Eran Hammer-Lahav >> > <e...@hueniverse.com> >> > wrote: >> >> >> >> The request is very different on the resource server. On the >> >> authorization server, why would you use the same endpoint? >> >> >> >> >> >> >> >> EHL >> >> >> >> >> >> >> >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On >> >> Behalf Of Paul Lindner >> >> Sent: Thursday, June 10, 2010 8:24 AM >> >> To: OAuth WG (oauth@ietf.org) >> >> Subject: [OAUTH-WG] Identifying OAuth 2.0 vs 1.0 requests >> >> >> >> >> >> >> >> Hi, >> >> >> >> >> >> >> >> As I've been working through our oauth2 implementation I've noticed >> >> that it's not easy to disambiguate OAuth 1.0a vs 2.0 API calls based >> >> on the request parameters alone. Based on some investigative at the >> >> Shindig project it appears that the only standard way to to determine >> >> 1.0a vs 2.0 is by checking for the oauth_signature_method >> parameter. More info here: >> >> >> >> >> >> >> >> https://issues.apache.org/jira/browse/SHINDIG-1361 >> >> >> >> >> >> >> >> Has anyone else considered this use case? How did you solve it? >> >> >> >> >> > >> > _______________________________________________ >> > OAuth mailing list >> > OAuth@ietf.org >> > https://www.ietf.org/mailman/listinfo/oauth >> > >> > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
