You can't have it both way. Either it is a simple string comparison or it requires parsing of the string. The current prose is designed to offer a visual cue without making any code changes to how response types are compared. To allow different orders, we have to turn the value to a parsed list.
EHL From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones Sent: Friday, July 15, 2011 10:02 AM To: oauth@ietf.org Subject: [OAUTH-WG] Issue 18: defining new response types I agree that this functionality is needed. However, I believe its current embodiment is overly restrictive. I would suggest changing this text: Only one response type of each combination may be registered and used for making requests. Composite response types are treated and compared in the same as manner as non-composite response types. The "+" notation is meant only to improve human readability and is not used for machine parsing. For example, an extension can define and register the token+code response type. However, once registered, the same combination cannot be registered as code+token, or used to make an authorization request. to this: The order of the composite response type values is not significant. For instance, the composite response types token+code and code+token are equivalent. Each composite response type value MUST occur only once. Thanks, -- Mike
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
