Facebook API requests are protected resources. They can be called either in a
browser or in a server-to-server environment.
For example, a JSONP call for my name looks like this:
https://api.facebook.com/restserver.php?api_key=361900759629&call_id=1271436355034&callback=FB.RestServer._callback&format=json&method=fql.query&query=SELECT%20name%20FROM%20user%20WHERE%20uid%3D2901279&v=1.0
The output (you can play with it here: http://fbrell.com/fb.api/everyone-data ):
FB.RestServer._callback([{"name":"Luke Shepard"}]);
If we want that protected resource to take an access token as well, then it
would look like:
https://api.facebook.com/restserver.php?....&callback=FB.RestServer._callback&access_token=ACCESS_TOKEN
The "callback" parameter is used pretty universally for JSONP requests. For
instance, see the Jquery docs: http://api.jquery.com/jQuery.getJSON/
-----Original Message-----
From: Richard Barnes [mailto:[email protected]]
Sent: Friday, April 16, 2010 9:10 AM
To: Luke Shepard
Cc: Eran Hammer-Lahav; Naitik Shah; OAuth WG
Subject: Re: [OAUTH-WG] Rename callback => callback_uri
Could you clarify a little more the environment in which this
confusion arose? What do you mean when you say "The protected
resource typically accepts 'callback' as a parameter to support
JSONP."? What sort of software are you including in this?
--Richard
On Apr 15, 2010, at 5:41 PM, Luke Shepard wrote:
> We already had one developer try it out and get confused because the
> server tried to treat the callback URL as a JSONP callback.
>
> The protected resource typically accepts "callback" as a parameter
> to support JSONP. If a developer accidentally passes in callback
> there (maybe they got confused) then the server can't give a normal
> error message - instead it needs to either detect that it looks like
> a URL or otherwise reject it.
>
> On a related note, I think it's more confusing calling it something
> different in the user-agent flow (redirector) when it's essentially
> doing the same thing.
>
>
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Eran Hammer-Lahav
> Sent: Thursday, April 15, 2010 5:37 AM
> To: Naitik Shah; OAuth WG
> Subject: Re: [OAUTH-WG] Rename callback => callback_uri
>
> I don't think it is that confusing. Its a completely different
> context from where JSON-P is used (note that in the User-Agent flow
> it is called something else).
>
> EHL
>
>
> On 4/10/10 12:35 PM, "Naitik Shah" <[email protected]> wrote:
>
> With the simplified params, the callback url parameter is now just
> "callback". Since most major API providers already use "callback" to
> signify JSON-P callback, can we rename this to "callback_uri"? This
> will help avoid collisions and confusion.
>
>
> -Naitik
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
