I know that this list is about OAuth in general, but I'm seeing a fairly consistent pattern with how people are using the client libraries.
Netflix uses OAuth for all requests. This means that consumers are using a vast majority of the libraries in order to use our services. Over the past few months, we've been working with them in order to isolate problems and I've been seeing a few issues like .Net's base URL encoder defaults to lower case hex, Ruby's URL encoder defaults to encoding spaces as '+', and others. While the library authors have done great jobs at working around these issues, they haven't always made things easy for their users and have expected them to duplicate their efforts to ensure that variables are encoded for transfer the same way that they're encoded for the signature generator. Users are often frustrated because they call the Library, get the OAuth Signature Value, yet when they make the call it fails for reasons that aren't always obvious. My proposal is that to get OAuth wider usage, the libraries should be built to a common set of guidelines, things like: Hex Values should be in upper case, escape routines should be publicly accessible, libraries should return properly formatted OAuth Authorization Headers, etc. Basically, help users avoid making common mistakes which will lead to frustration around OAuth. Thoughts? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
