Once there is an agreed-upon reference implementation (RI) (http://en.wikipedia.org/wiki/Reference_implementation), developers have a solid point to test their implementations against and everyone should be happy ;)
Note a RI doesn't need to be production-level code, just code that 100% correctly implements the spec. I don't think I've seen an official RI, but perhaps there is an ad-hoc one already? If not, what is a good candidate for a RI? Can/should third parties like Apache SF be involved here somehow? Hans On Thu, Jan 8, 2009 at 7:04 AM, Krishna Sankar (ksankar) <[email protected]> wrote: > Which means, we need a conformance spec and a couple of test suits > implementations. This is all good as it shows that the domain is maturing … > Would be happy to help in any way … > > > > Cheers > > <k/> > > > > From: [email protected] [mailto:[email protected]] On Behalf Of > David Fuelling > Sent: Thursday, January 08, 2009 6:23 AM > To: [email protected] > Subject: [oauth] Re: Standardizing the OAuth Client Libraries > > > > +10. > > On Wed, Jan 7, 2009 at 7:47 PM, jr conlin <[email protected]> wrote: > > I know that this list is about OAuth in general, but I'm seeing a fairly > consistent pattern with how people are using the client libraries. > > Netflix uses OAuth for all requests. This means that consumers are using > a vast majority of the libraries in order to use our services. Over the > past few months, we've been working with them in order to isolate > problems and I've been seeing a few issues like .Net's base URL encoder > defaults to lower case hex, Ruby's URL encoder defaults to encoding > spaces as '+', and others. > > While the library authors have done great jobs at working around these > issues, they haven't always made things easy for their users and have > expected them to duplicate their efforts to ensure that variables are > encoded for transfer the same way that they're encoded for the signature > generator. > > Users are often frustrated because they call the Library, get the OAuth > Signature Value, yet when they make the call it fails for reasons that > aren't always obvious. > > My proposal is that to get OAuth wider usage, the libraries should be > built to a common set of guidelines, things like: Hex Values should be > in upper case, escape routines should be publicly accessible, libraries > should return properly formatted OAuth Authorization Headers, etc. > Basically, help users avoid making common mistakes which will lead to > frustration around OAuth. > > Thoughts? > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
