Regarding character encoding, current spec sounds good but it's really hard to implement. The fact is that all the OAuth libraries we use are non compliant. Java library sorts on UTF-16BE. The PHP one is messy, it probably sorts on the octet stream of whatever encoding defined by setlocale.
The sorting is a tough issue no matter what you do. If you sort on octet stream, you have to bypass most web frameworks to get it. If you sort on a specific encoding, it's not readily convertible on some platforms. Sometimes, OAuth just doesn't know what encoding it is. OAuth should stay out the multi-byte collation mess. We achieve this by adding following restrictions to OAuth spec, 1. Parameter name must be ASCII. 2. Duplicate parameters are not allowed. Even without OAuth, these 2 restrictions are good practices for any web protocols. Our product is for Chinese market, I haven't seen anyone use non-ASCII names in parameter names. So I think these restrictions should be added in OAuth, at least as recommendations. Zhihong On Mar 10, 1:52 pm, Brian Eaton <[email protected]> wrote: > On Tue, Mar 10, 2009 at 6:02 AM, Marc Worrell <[email protected]> wrote: > > And keeping it simple might mean transcoding all your UTF-whatever > > into an octet stream before pushing it into your transport-layer-with- > > oauth-signing. > > > Which makes it completely according to the specs, but without the > > complications for the library. > > This is undoubtedly the easiest way to go, assuming that the receiving > application has access to the transport layer. Not all receiving apps > do. For example, most web development platforms parse out form > encodings well before the application gets a chance to peek at the raw > octets. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
