Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Fri, May 7, 2010 at 11:29 AM, Greg Brail wrote: > JSONObject is fine. I imagine that any development organization could use it > in their project as long as their legal staff is willing to forgo the option > of doing Evil. (That's what the license says ;-) If the issue is purely the quirky lic

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

then using form-urlencoded, to me, is the simplest choice that places the fewest barriers in front of developers on all platforms. *From:* Luke Shepard [mailto:lshep...@facebook.com] *Sent:* Friday, May 07, 2010 1:48 AM *To:* Greg Brail *Cc:* oauth@ietf.org *Subject:* Re: [OAUTH-WG] application/x-www-for

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Fri, May 7, 2010 at 11:28 AM, Eran Hammer-Lahav wrote: > > Again, for the server, this is just a single printf() statement per format: > > printf("{\"access_token\":\"%s\",\"expires_in\":%d}", token, expires); > printf("%s%d", > token, expires); > > For the client, if they don't like the defau

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

etf.org] On Behalf > Of Pid > Sent: Friday, May 07, 2010 8:46 AM > To: oauth@ietf.org > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > (Proposal) > > On 07/05/2010 16:28, Eran Hammer-Lahav wrote: > > This approach seems the most reasonable to me. > &g

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

h-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Torsten Lodderstedt >> Sent: Thursday, April 29, 2010 12:46 PM >> To: Robert Sayre >> Cc: jsm...@stanfordalumni.org; oauth@ietf.org >> Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON >> (Pro

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

> To: Robert Sayre > Cc: jsm...@stanfordalumni.org; oauth@ietf.org > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > (Proposal) > > Hi all, > > please find below a proposal for adding support for multiple response > formats to the specification. I h

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

hy JSON instead of, say, XML? JSON unambiguously translates to and from > commonly used (usually native) data structures in virtually every common > scripting and programming language in existence. > > Paul > > -Original Message- > From: Pid > Reply-to: p...@

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

Well, if the response is guaranteed to be a flat list of name-value pairs, then JSON seems like overkill. -Original Message- From: Mike Moore To: Paul C. Bryan Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal) Date: Fri, 7 May 2010 09:04:30 -0600 On Fri, May

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

ion/x-www-form-urlencoded vs JSON (Proposal) Date: Fri, 07 May 2010 15:19:54 +0100 On 06/05/2010 18:29, Torsten Lodderstedt wrote: > +1 , we've got really strong support for JSON and I'm also looking > forward to review Erans proposal. Sorry but I am going to continue being Devi

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On 06/05/2010 18:29, Torsten Lodderstedt wrote: > +1 , we've got really strong support for JSON and I'm also looking > forward to review Erans proposal. Sorry but I am going to continue being Devil's Advocate and keep asking why JSON is better. Just saying "we all want it" isn't a positive argume

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On May 6, 2010, at 9:13 AM, Greg Brail wrote: I agree that JSON is the long-term winner. However, at least for Java and Python I know that JSON parsers are not part of the standard library, whereas everything needed to decode a url-formencoded library is in the standard libraries and has been

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

+1 , we've got really strong support for JSON and I'm also looking forward to review Erans proposal. I checked back today with some of our service and client application developers. All of our services offer JSON and XML as transport format, no one even considered using application/x-www-form-

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

an we make the 2.0 spec simpler in that respect. *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf Of *Joseph Smarr *Sent:* Thursday, May 06, 2010 11:47 AM *To:* p...@pidster.com *Cc:* oauth@ietf.org *Subject:* Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Pro

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

I'm hearing a lot of confusion on this thread. Evan-of course when attributes are sent *on-the-url* then they get parsed automatically by the HTTP stack, but we're talking about the response body, which every OAuth 1.0 library I've seen writes their own (usually buggy) parser for, and that's where

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On 05/05/2010 19:49, DeWitt Clinton wrote: > Having written more than one compliant JSON parser myself, it is most > certainly not "trivial", and not something that can be safely done with > a regular expression or other hacks. > > That said, it's not /hard/, and that alone is no reason not to man

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

Having written more than one compliant JSON parser myself, it is most certainly not "trivial", and not something that can be safely done with a regular expression or other hacks. That said, it's not *hard*, and that alone is no reason not to mandate JSON, but I do want people to be clear about wha

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

Am 05.05.2010 20:01, schrieb Evan Gilbert: On Wed, May 5, 2010 at 10:59 AM, Evan Gilbert > wrote: On Wed, May 5, 2010 at 10:47 AM, Torsten Lodderstedt mailto:tors...@lodderstedt.net>> wrote: Even if not supported directly by the platform there are

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 11:29 AM, John Jawed wrote: > JSON markup is lighter than XML markup. Yes, but I don't think XML was an option anymore. The question is between: 1. application/x-www-form-urlencoded 2. application/x-www-form-urlencoded and JSON Marius > > On Wed, May 5, 2010 at 11:17 AM

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 11:19 AM, Torsten Lodderstedt wrote: > Am 05.05.2010 20:14, schrieb Marius Scurtescu: >> >> On Wed, May 5, 2010 at 10:47 AM, Torsten Lodderstedt >>  wrote: >> >>> >>> Even if not supported directly by the platform there are many JSON >>> libraries >>> available these days.

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

Am 05.05.2010 20:14, schrieb Marius Scurtescu: On Wed, May 5, 2010 at 10:47 AM, Torsten Lodderstedt wrote: Even if not supported directly by the platform there are many JSON libraries available these days. http://www.json.org/ lists 3 libraries for Objective-C alone. Moreover, the JSON d

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 10:06 AM, Evan Gilbert wrote: > > ... and JSON only adds complexity and external > library requirements. > > I'm not positive we need to support JSON at all. Tend to agree. Other than being nice, what other advantages does JSON provide? Keep in mind that most people voted

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

otherwise (including requests) > > > > > > > EHL > > > > > -Original Message- > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > Of Torsten Lodderstedt > > > Sent: Friday, April 30, 2010 2:00 AM > > To

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 10:47 AM, Torsten Lodderstedt wrote: > Even if not supported directly by the platform there are many JSON libraries > available these days. > > http://www.json.org/ lists 3 libraries for Objective-C alone. > > Moreover, the JSON documents we are discussing now are simple, so

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 9:16 AM, David Recordon wrote: > As long as we spec that the response can only contain one parameter (either > "error" or "access_token") then the code to parse it in PHP is as follows: > > list($param, $value) = explode('=', $response, 2); > if ($param == 'access_token') {

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

Lodderstedt; oauth@ietf.org Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal) On Wed, May 5, 2010 at 8:28 AM, Eran Hammer-Lahav mailto:e...@hueniverse.com>> wrote: I'll add something to the draft and we'll discuss it. There is enough consensus on a sing

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 10:59 AM, Evan Gilbert wrote: > > > On Wed, May 5, 2010 at 10:47 AM, Torsten Lodderstedt < > tors...@lodderstedt.net> wrote: > >> Even if not supported directly by the platform there are many JSON >> libraries available these days. >> > > It's not hard to add JSON support,

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 10:47 AM, Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Even if not supported directly by the platform there are many JSON > libraries available these days. > It's not hard to add JSON support, but it's a factor in the choice. > > http://www.json.org/ lists 3 li

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 10:24 AM, Robert Sayre wrote: > On Wed, May 5, 2010 at 1:06 PM, Evan Gilbert wrote: > > > > > > On Wed, May 5, 2010 at 8:28 AM, Eran Hammer-Lahav > > wrote: > >> > >> I'll add something to the draft and we'll discuss it. There is enough > >> consensus on a single JSON res

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

Even if not supported directly by the platform there are many JSON libraries available these days. http://www.json.org/ lists 3 libraries for Objective-C alone. Moreover, the JSON documents we are discussing now are simple, something like { "access_token": "SlAV32hkKG", "expires_in": "3600",

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 1:06 PM, Evan Gilbert wrote: > > > On Wed, May 5, 2010 at 8:28 AM, Eran Hammer-Lahav > wrote: >> >> I'll add something to the draft and we'll discuss it. There is enough >> consensus on a single JSON response format. > > Responses that are returned via a browser URL should

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

, 2010 2:00 AM > > To: Brian Eaton > > Cc: oauth@ietf.org > > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > > (Proposal) > > > > > > Zitat von Brian Eaton : > > > > > On Thu, Apr 29, 2010 at 2:40 PM, Mike Moore > > wr

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 11:42 AM, Marius Scurtescu wrote: > On Wed, May 5, 2010 at 8:28 AM, Eran Hammer-Lahav wrote: >> I'll add something to the draft and we'll discuss it. There is enough >> consensus on a single JSON response format. > > Yesterday I got the following feedback: > > On Tue, May

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

As long as we spec that the response can only contain one parameter (either "error" or "access_token") then the code to parse it in PHP is as follows: list($param, $value) = explode('=', $response, 2); if ($param == 'access_token') { } elseif ($param == 'error') { } If it can contain more than o

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Wed, May 5, 2010 at 8:28 AM, Eran Hammer-Lahav wrote: > I'll add something to the draft and we'll discuss it. There is enough > consensus on a single JSON response format. Yesterday I got the following feedback: On Tue, May 4, 2010 at 5:43 PM, Greg Robbins wrote: > Using JSON on the iPhone

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

30, 2010 2:00 AM > To: Brian Eaton > Cc: oauth@ietf.org > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > (Proposal) > > > Zitat von Brian Eaton : > > > On Thu, Apr 29, 2010 at 2:40 PM, Mike Moore > wrote: > >> On Thu, Apr 29, 2010 a

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On 2010-04-30, at 9:02 AM, Yaron Goland wrote: > I actually have a preference for application/x-www-form-urlencoded but it's > not overwhelming, the key thing I believe we need to do is have exactly one > request/response format. In other words, I don't believe we should use one > format for r

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On 4/29/10 1:49 PM, "Yaron Goland" wrote: > Can we please just have one format, not 3? The more choices we give the more > interoperability suffers. +1 I vote for JSON, and I'm not a fan of XML, however my main preference is that we just pick one. One of the primary goals of OAuth-WRAP was to

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Fri, Apr 30, 2010 at 11:12 AM, Eran Hammer-Lahav wrote: > I don't think the two are related. Request format is based on common HTTP > request practice and is built-in every web client. Adding a list of > parameters to a request URI is trivial. Response format on the other hand is > less consist

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

orsten Lodderstedt; Brian Eaton > Cc: oauth@ietf.org > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > (Proposal) > > I actually have a preference for application/x-www-form-urlencoded but it's > not overwhelming, the key thing I believe we need to do is have

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

ck one for both. >Thanks, > Yaron > > > -Original Message- > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > Of Torsten Lodderstedt > > Sent: Friday, April 30, 2010 2:00 AM > > To: Brian Eaton &g

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

ck one for both. Thanks, Yaron > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Torsten Lodderstedt > Sent: Friday, April 30, 2010 2:00 AM > To: Brian Eaton > Cc: oauth@ietf.org > Subject: Re: [O

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

Zitat von Brian Eaton : On Thu, Apr 29, 2010 at 2:40 PM, Mike Moore wrote: On Thu, Apr 29, 2010 at 2:49 PM, Yaron Goland wrote: Can we please just have one format, not 3? The more choices we give the more interoperability suffers. Yes. The number of parsers needed to make a working syst

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

> multiple response formats Quite a few people (most?) have (often strongly) favoured a single response format, and most of them prefer JSON. I agree: JSON for responses, application/x-www-form-urlencoded for requests. > Proposed changes to section 3.5.2 should be applied to > 3.5.3, 3.6.1., 3

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Thu, Apr 29, 2010 at 12:45 PM, Torsten Lodderstedt wrote: > 3.5.2.  Web Server Flow > 3.5.2.2.  Client Requests Access Token > >   The client obtains an access token from the authorization server by > >   secret_type >         OPTIONAL.  The access token secret type as described by >         S

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

On Thu, Apr 29, 2010 at 2:40 PM, Mike Moore wrote: > On Thu, Apr 29, 2010 at 2:49 PM, Yaron Goland wrote: >> >> Can we please just have one format, not 3? The more choices we give the >> more interoperability suffers. Yes. The number of parsers needed to make a working system is important. The

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

alf > > Of Torsten Lodderstedt > > Sent: Thursday, April 29, 2010 12:46 PM > > To: Robert Sayre > > Cc: jsm...@stanfordalumni.org; oauth@ietf.org > > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > > (Proposal) > > > > Hi all, > > &

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

bert Sayre > Cc: jsm...@stanfordalumni.org; oauth@ietf.org > Subject: Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON > (Proposal) > > Hi all, > > please find below a proposal for adding support for multiple response > formats to the specification. I have taken

Re: [OAUTH-WG] application/x-www-form-urlencoded vs JSON (Proposal)

Hi all, please find below a proposal for adding support for multiple response formats to the specification. I have taken the current version of the draft http://github.com/theRazorBlade/draft-ietf-oauth/raw/master/draft-ietf-oauth.txt and added some modifications indicated by dashed lines. Pr