On Aug 10, 2012, at 9:28 AM, Justin Richer wrote:
> On 08/09/2012 06:47 PM, Dick Hardt wrote:
>>
>> On Aug 9, 2012, at 1:08 PM, Justin Richer wrote:
>>
>>> With MAC, you should be able to re-use about 80-90% of your existing
>>> codepath that's in place for Bearer, simplifying the setup below.
>>
>> That makes no sense, I would be adding MAC to the sites that support MAC in
>> addition to OAuth 1.0A or OAuth 2.0.
>
> You get to re-use all of the code for OAuth2 for issuing tokens (from server
> side) and requesting tokens (from client side). Apart from parsing the JSON
> value that's returned from the token endpoint (and you are using a generic
> parser there, right?), nothing changes here. The part where you *use* the
> token to access a protected resource (client), or *validate* a request to a
> protected resource (server) changes significantly, yes. But that's only a
> small part of the process.

That makes sense, sorry I was not clear on what I said did not make sense,
which was "simplifying the setup below".

As a client developer, adding MAC to the mix *increases* my code base as it is
yet another protocol to understand and implement against. OAuth 1.0A and OAuth
2.0 bearer are not going to go away.

-- Dick