Which is fine if it doesn't support 2.0.

EHL

> -----Original Message-----
> From: Marius Scurtescu [mailto:mscurte...@google.com]
> Sent: Thursday, June 10, 2010 10:53 AM
> To: Eran Hammer-Lahav
> Cc: Paul Lindner; OAuth WG (oauth@ietf.org)
> Subject: Re: [OAUTH-WG] Identifying OAuth 2.0 vs 1.0 requests
> 
> On Thu, Jun 10, 2010 at 10:42 AM, Eran Hammer-Lahav
> <e...@hueniverse.com> wrote:
> > But in that case, all the other oauth_* parameters are missing. It's 
> > trivial.
> 
> An OAuth 1 filter will interpret this as broken OAuth 1 authentication.
> 
> Marius
> 
> >
> > EHL
> >
> >> -----Original Message-----
> >> From: Marius Scurtescu [mailto:mscurte...@google.com]
> >> Sent: Thursday, June 10, 2010 10:39 AM
> >> To: Paul Lindner
> >> Cc: Eran Hammer-Lahav; OAuth WG (oauth@ietf.org)
> >> Subject: Re: [OAUTH-WG] Identifying OAuth 2.0 vs 1.0 requests
> >>
> >> I run into the same issue. In section "4.2. URI Query Parameter", it
> >> would help if the parameter name, oauth_token, was different from
> >> OAuth 1.
> >>
> >> Marius
> >>
> >>
> >>
> >> On Thu, Jun 10, 2010 at 9:41 AM, Paul Lindner <lind...@inuus.com> wrote:
> >> > I am talking about the resource server. Specifically I want to be
> >> > able to quickly determine if an incoming request is 1.0a vs 2.0.
> >> > And since this is a library it can't make a lot of assumptions
> >> > about the specific environment it's running in.
> >> > At first I thought I would check the oauth_version parameter.  It
> >> > turns out the 1.0a spec says that it is optional.  The only one
> >> > that is required for 1.0a is oauth_signature_method.
> >> > Sadly we're long past time to change the spec to optimize for this
> >> > use-case.
> >> >  (It would have been better to have a parameter for oauth 2.0 that
> >> > is distinct from 1.0a)  At the very least this message will live on
> >> > in the mailing list archives -- at best we document the proper way
> >> > to distinguish between the two versions somewhere.
> >> > On Thu, Jun 10, 2010 at 8:44 AM, Eran Hammer-Lahav
> >> > <e...@hueniverse.com>
> >> > wrote:
> >> >>
> >> >> The request is very different on the resource server. On the
> >> >> authorization server, why would you use the same endpoint?
> >> >>
> >> >>
> >> >>
> >> >> EHL
> >> >>
> >> >>
> >> >>
> >> >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On
> >> >> Behalf Of Paul Lindner
> >> >> Sent: Thursday, June 10, 2010 8:24 AM
> >> >> To: OAuth WG (oauth@ietf.org)
> >> >> Subject: [OAUTH-WG] Identifying OAuth 2.0 vs 1.0 requests
> >> >>
> >> >>
> >> >>
> >> >> Hi,
> >> >>
> >> >>
> >> >>
> >> >> As I've been working through our oauth2 implementation I've
> >> >> noticed that it's not easy to disambiguate OAuth 1.0a vs 2.0 API
> >> >> calls based on the request parameters alone.  Based on some
> >> >> investigation at the Shindig project it appears that the only
> >> >> standard way to determine 1.0a vs 2.0 is by checking for the
> >> >> oauth_signature_method parameter.  More info here:
> >> >>
> >> >>
> >> >>
> >> >> https://issues.apache.org/jira/browse/SHINDIG-1361
> >> >>
> >> >>
> >> >>
> >> >> Has anyone else considered this use case?  How did you solve it?
> >> >>
> >> >>
> >> >
> >> > _______________________________________________
> >> > OAuth mailing list
> >> > OAuth@ietf.org
> >> > https://www.ietf.org/mailman/listinfo/oauth
> >> >
> >> >
> >
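
The check discussed in this thread, written out as an added example (not code from the original messages or from Shindig): a resource-server dispatcher that classifies a request by its `oauth_*` query parameters before any OAuth 1 filter sees it. The function name, the return labels, and the choice to refuse mixed or duplicated parameters are assumptions of this example; only query-string parameters are examined.

```python
from urllib.parse import parse_qsl

# Per the thread: oauth_signature_method is the marker for a 1.0a request,
# while oauth_token is shared by 1.0a and the 2.0 draft's
# "URI Query Parameter" section.
OAUTH1_MARKER = "oauth_signature_method"
SHARED_TOKEN = "oauth_token"


def classify_oauth_request(query_string):
    """Return 'oauth1', 'oauth2', 'ambiguous' or 'none' (hypothetical labels)."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    names = [key for key, _ in pairs if key.startswith("oauth_")]
    if not names:
        return "none"  # no OAuth parameters at all
    if len(names) != len(set(names)):
        # A repeated oauth_* parameter could be read differently by each
        # verifier, so do not guess (added choice, not from the thread).
        return "ambiguous"
    if OAUTH1_MARKER in names:
        return "oauth1"  # hand to the 1.0a signature verifier
    if names == [SHARED_TOKEN]:
        return "oauth2"  # bare token, all other oauth_* parameters missing
    # Other oauth_* parameters without a signature method: this is the
    # "broken OAuth 1 authentication" case, rejected rather than routed.
    return "ambiguous"


# Constructed sample query strings, not taken from any real deployment.
SAMPLES = {
    "oauth_token=abc123&file=report": "oauth2",
    "oauth_consumer_key=k&oauth_token=t&oauth_signature_method=HMAC-SHA1"
    "&oauth_signature=s&oauth_timestamp=1&oauth_nonce=n": "oauth1",
    "oauth_token=t&oauth_nonce=n": "ambiguous",
    "oauth_token=a&oauth_token=b": "ambiguous",
    "file=report": "none",
}


def run_samples():
    """Classify every constructed sample and return {query: label}."""
    return {query: classify_oauth_request(query) for query in SAMPLES}


if __name__ == "__main__":
    for query, label in run_samples().items():
        print(f"{label:9} {query}")
```

Running the classifier ahead of the version-specific filters means a bare `oauth_token` request reaches the 2.0 path instead of failing inside the 1.0a signature check.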