On Wed, Feb 25, 2009 at 1:58 PM, Seth Fitzsimmons <s...@mojodna.net> wrote: > > My quick list: > > * terminology - 'request a request token'
I would prefer something like "intermediate token" (what does request token mean?!) > * Handling of "required" empty parameters. > * plaintext secret w/ empty access token (<something>&<blank>, not > <something>) This is a little weird, but ends up being really easy to program for. I could go either way. > * realm handling > * clearer explanation of creating the signature base string (in my > experience, this is the source of most problems) > * explicit definition of 2-legged auth > * sections 6 and 7 being approximately the same thing Having example input data and outputs of the resultant signature + various intermediate data items (sbs, etc.) would be extremely helpful. ~ Anders > > seth > > On Tue, Feb 24, 2009 at 3:25 PM, Eran Hammer-Lahav <e...@hueniverse.com> > wrote: >> >> I am getting ready to making a complete rewrite of the current OAuth spec. >> The idea is to make it much easier to read without changing anything that >> will impact implementation. This will be useful both for clarity but also as >> a better starting point for the upcoming OAuth effort at the IETF. >> >> What I would like to ask people who have read the spec or implemented it to >> share as many problems, errors, failures, mistakes, misunderstandings, >> wasted time, etc. caused by the spec not being clear enough. >> >> You can simply describe the error (did not sort parameter, did not %-encode, >> %-encoded twice, etc.) or the section of the spec you had to read 325 times >> before it made any sense. >> >> Please reply to this thread so we have a public inventory of OAuth FAILs. >> >> EHL >> >> >> > >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---