On Jan 7, 11:47 am, jr conlin <[email protected]> wrote: > I know that this list is about OAuth in general, but I'm seeing a fairly > consistent pattern with how people are using the client libraries. > > Netflix uses OAuth for all requests. This means that consumers are using > a vast majority of the libraries in order to use our services. Over the > past few months, we've been working with them in order to isolate > problems and I've been seeing a few issues like .Net's base URL encoder > defaults to lower case hex, Ruby's URL encoder defaults to encoding > spaces as '+', and others.
This is not an issue of more standardization, but writing compliant code. If the spec isn't clear, we should fix it, but dealing with '+' encoding belongs clearly in the spec. > While the library authors have done great jobs at working around these > issues, they haven't always made things easy for their users and have > expected them to duplicate their efforts to ensure that variables are > encoded for transfer the same way that they're encoded for the signature > generator. > > Users are often frustrated because they call the Library, get the OAuth > Signature Value, yet when they make the call it fails for reasons that > aren't always obvious. > > My proposal is that to get OAuth wider usage, the libraries should be > built to a common set of guidelines, things like: Hex Values should be > in upper case, escape routines should be publicly accessible, libraries > should return properly formatted OAuth Authorization Headers, etc. > Basically, help users avoid making common mistakes which will lead to > frustration around OAuth. We need to take these one at a time. Hex values must be upper case - section 5.1 is pretty clear about that. Escape routines should be publicity accessible - this is a matter a a uniform API design which I would like to see very much, but might be hard across so many different languages. Libraries should return properly formatted OAuth Authorization Headers - yeah, libraries should implement the OAuth spec... There is plenty of work on normalizing libraries, but for the most part, the issues you raise are all about potential poor spec writing and that is where they should be addressed. > Thoughts? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
