By 'programming interface' I mean an interface between software modules, like between an OAuth library and software that calls it. By 'protocol interface' I mean the bytes transmitted over the network between the consumer and service provider. Think of a layering diagram, in which an OAuth library has a programming interface to higher-level things, and down toward the bottom is a protocol interface.
Take percent encoding for example. Neglecting to percent encode leads to a protocol violation, but when you investigate the root cause you might find that the OAuth library provides a correct encoding algorithm but the application neglected to call it. (Users of the Java library have done this.) I would say that's a programming problem: it was caused by erroneous interaction between the application and the library. The protocol violation is merely a consequence. Making the signature base string available for debugging is a fine idea. On Jan 8, 11:35 am, Jesse Clark <[email protected]> wrote: > John, could you expand on what you mean by 'programming interface' vs. > 'protocol interface' problems? > > At ma.gnolia, we spent a pretty decent amount of time helping people > debug rejected signatures that were usually resulting from differences > in both how the implementor of the client library composed the > Signature Base String and differences in how the various URL libraries > from different platforms handle encoding. I would call these > 'protocol' issues not software design issues. > > However, while trying to debug problems with conflicting signatures, > it was often necessary to ask the client user to try to find the SBS > for a given set of inputs which was not always easy. So, software > design guidelines suggesting a debug mode that would log the SBS data > somewhere might be a good idea too. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
