And to add to this, this example shows that encoding is hard, JSON only solves decoding (in most cases, but not all).
For all direct requests clients still need to encode and without a library still need to figure what chars must be encoded. Introducing JSON because dealing with form-encoded is hard does not make much sense. As discussions last week showed (and earlier on this list), with JSON there is also the perception that it is easy to do by hand and that no escaping is needed. IMO that will lead to way more problems. I guess that there are other reasons to use JSON. The best argument I heard is that JSON may be used in some token formats and in discovery documents. That could make sense, but even then, I don't think there is any harm in using form-encoded for the basic protocol.

Marius

On Mon, May 24, 2010 at 2:13 PM, Eran Hammer-Lahav <[email protected]> wrote:
> This is a bad example. This deals with encoding for the purpose of the
> signature base string. Not the same as decoding responses which I doubt is a
> problem for Twitter as I think their token values are URL safe.
>
> EHL
>
>
> On 5/23/10 3:32 PM, "Dick Hardt" <[email protected]> wrote:
>
> Frustration devs have with URL encoding. This is the core motivation to
> using JSON as the AS response format.
>
> -- Dick
>
> Begin forwarded message:
>
> From: Andrew Badera <[email protected]>
> Date: May 23, 2010 2:57:44 PM PDT
> To: [email protected]
> Cc: [email protected]
> Subject: [oauth] Re: [twitter-dev] Hard lesson learned
> Reply-To: [email protected]
>
> Miguel,
>
> This 'lesson' has been 'learned' and re-learned many times over, here on the
> Twitter dev list and on the oauth list. One would hope that at some point
> this issue would rise to enough prominence to get people in charge of
> implementation, and sig participants in general, to do something about it.
> The common developer these days is not a super savvy geek, and even the
> super savvy geeks among us waste time on this issue, again and again.
>
> ∞ Andy Badera
> ∞ +1 518-641-1280 Google Voice
> ∞ This email is: [ ] bloggable [x] ask first [ ] private
> ∞ Google me: http://www.google.com/search?q=andrew%20badera
>
>
> On Sun, May 23, 2010 at 5:52 PM, Miguel de Icaza <[email protected]>
> wrote:
>
> Hello guys,
>
> Perhaps the most frustrating piece in dealing with the OAuth
> configuration is that the twitter OAuth page talks casually about
> "urlEncode". You need to "urlEncode this" and "urlEncode that". What
> the page does not say is that "urlEncode" is not a standard
> urlEncoding system that web developers are used to. The urlEncode
> required by OAuth signatures is actually "percent encode" and it is
> *required* that you use percent encoding for anything but a small
> subset of characters.
>
> The only characters that do not require percent encoding are:
>
> unreserved = a through z, A through Z, 0 through 9 and '-', '.', '_',
> '~'
>
> Miguel
>
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
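Added example, not part of the original thread: the percent-encoding rule quoted in the forwarded message, applied to an OAuth 1.0 HMAC-SHA1 signature base string, next to a client that uses form-style encoding (Python's `quote_plus`) instead. The URL, parameters and secrets are constructed sample values, the function names are illustrative, and only two request parameters are included to keep the base string short.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote_plus

# The unreserved set quoted in Miguel's message.
UNRESERVED = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~"
)


def percent_encode(value: str) -> str:
    """Emit unreserved characters as-is and every other UTF-8 byte as %XX."""
    return "".join(
        chr(b) if chr(b) in UNRESERVED else f"%{b:02X}"
        for b in value.encode("utf-8")
    )


def base_string(method, url, params, encode=percent_encode):
    """OAuth 1.0 signature base string: METHOD&enc(url)&enc(sorted params)."""
    pairs = sorted((encode(k), encode(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), encode(url), encode(normalized)])


def sign(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, base64-encoded."""
    key = f"{percent_encode(consumer_secret)}&{percent_encode(token_secret)}"
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


# Constructed sample request and secrets (not real credentials).
URL = "https://api.example.com/1/statuses/update.json"
PARAMS = {"status": "Hello world! (it's ~fine*)", "oauth_nonce": "abc123"}
SECRETS = ("consumer-secret", "token-secret")


def server_accepts(client_encode) -> bool:
    """True if a client using client_encode produces the signature the server computes."""
    expected = sign(base_string("POST", URL, PARAMS), *SECRETS)
    offered = sign(base_string("POST", URL, PARAMS, encode=client_encode), *SECRETS)
    return hmac.compare_digest(expected, offered)


if __name__ == "__main__":
    print("percent-encoding client accepted:", server_accepts(percent_encode))
    print("form-encoding client accepted:   ", server_accepts(quote_plus))
```

The form-encoding client fails only because of the space: `quote_plus` writes it as `+`, which becomes `%2B` in the base string where the server expects `%2520`.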
