Hi Luke,
On Wed, Mar 31, 2010 at 10:28 PM, Luke Shepard <[email protected]> wrote: > At first, I had the same first reaction as Marius, but after reading this > thread, I agree with Eran. Two observations: > 1/ OAuth endpoints are usually already namespaced as "oauth" - if there are > other endpoints that accept custom parameters, they can be defined > elsewhere. For example: > https://www.google.com/accounts/OAuthAuthorizeToken > https://api.login.yahoo.com/oauth/v2/request_auth > http://twitter.com/oauth/authorize The fact that the endpoint URL has "oauth" in it will not prevent any collisions. > 2/ We should fight to keep URLs short and leave out redundant information > where possible. We should leave out redundant information where possible. > Here are two sample URLs. The first is 12% shorter than the second. > http://facebook.com/oauth/authorize?mode=web_callback_access_request&client_id=123456789&callback=http://facebook.com/oauth/callback > http://facebook.com/oauth/authorize?oauth_mode=web_callback_access_request&oauth_client_id=123456789&oauth_callback=http://facebook.com/oauth/callback Yes, shorter in general is better. In this case it is just a bit shorter, it is exactly 18 chars shorter, regardless of the URL length. What is this buying us? End users don't have to type these URLs. Marius _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
