John Kristian wrote: > Take percent encoding for example. Neglecting to percent encode leads > to a protocol violation, but when you investigate the root cause you > might find that the OAuth library provides a correct encoding > algorithm but the application neglected to call it. (Users of the > Java library have done this.) I would say that's a programming > problem: it was caused by erroneous interaction between the > application and the library. The protocol violation is merely a > consequence. Actually, that's one of the things I've definitely noticed from folks using some libraries. The problem is that the library goes through great effort to calculate a signature based off of the rules and stipulations of OAuth, then makes the user try and guess what it did in order to come up with that solution. Users will use what they think should work, not necessarily what will indeed work.
I guess what I'm suggesting is more than just a "Ok, here's some inputs and outputs, make sure they match" sort of thing, but more a gentleman's agreement from the various library makers that they provide the user with enough utility that they're not going to try and do things on their own. In other words, they don't just return a signature value, but have options for returning a fully formatted Authorization header, or a set of OAuth key/value pairs so that users can duct-tape them onto the URL or in the POST body or what-have-you. Many of the libraries offer this already, including the Objective C version, the Python version, and (ok, i'll pimp it) my OAuthSimple client library for Javascript and PHP. It'd be nice if the libraries had a reasonably similar way of providing that function so that even if your language of choice isn't well documented, it's trivial to figure out what to do from reading about one that is. I'm working with some of the other library authors to try and get them to offer similar things, or at least do things like make their encoding methods public. Heh, maybe what we need is a "OAuth Seal of Approval" for libs that make life easier for noobs. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
