On Sat, Jan 15, 2011 at 11:41 PM, Eran Hammer-Lahav <[email protected]> wrote:
> Why is the token returned in the fragment using form-encoding? This makes no
> sense. It should be a JSON string for the following reasons:
>
> 1. All token responses should be the same, which will enable returning
> structured responses in the future as needed.

They cannot all be the same. response_type=code has the response in the query parameter, so I think we should stick with flat name/value pairs.

> 2. Using fragments is specifically done to accommodate the user-agent
> environment, which means JavaScript. Why create extra work when JSON.parse()
> does it for you for free.

The argument was that it is somewhat more difficult to safely parse JSON in JavaScript (maybe I remember wrong). Unless we have a good reason to change to JSON, considering it is late in the game, I think we should not make changes.

Marius
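The flat, form-encoded fragment response discussed in this thread, parsed on the user-agent side. This is an added example, not part of the original message or of the OAuth draft text: the function name is hypothetical, the parameter names are those of RFC 6749 section 4.2.2, and the sample fragment is constructed.

```javascript
// Added example: parse an implicit-grant response carried in the URL fragment
// as flat name/value pairs. parseFragmentResponse is a hypothetical helper.
function parseFragmentResponse(fragment, expectedState) {
  const raw = fragment.startsWith('#') ? fragment.slice(1) : fragment;

  // Flat pairs: each name may appear at most once.
  // A repeated name is ambiguous (first or last wins?), so reject it.
  const fields = new Map();
  for (const [name, value] of new URLSearchParams(raw)) {
    if (fields.has(name)) throw new Error(`duplicate parameter: ${name}`);
    fields.set(name, value);
  }

  // Bind the response to the request this client started.
  if (fields.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }

  // Error responses use the same flat encoding.
  if (fields.has('error')) {
    return { ok: false, error: fields.get('error'),
             description: fields.get('error_description') ?? null };
  }

  const accessToken = fields.get('access_token');
  const tokenType = fields.get('token_type');
  if (!accessToken || !tokenType) {
    throw new Error('missing access_token or token_type');
  }

  // Every value arrives as a string; numeric fields need explicit validation.
  let expiresIn = null;
  if (fields.has('expires_in')) {
    const text = fields.get('expires_in');
    if (!/^[0-9]{1,9}$/.test(text)) throw new Error('invalid expires_in');
    expiresIn = Number(text);
  }
  return { ok: true, accessToken, tokenType, expiresIn };
}

// Constructed sample fragment, as it would appear in location.hash.
const sample = '#access_token=SAMPLE-TOKEN-123&state=xyz&token_type=example&expires_in=3600';
console.log(parseFragmentResponse(sample, 'xyz'));
```

With flat pairs the client has to handle repeated names and string-typed numbers itself, which a JSON body would surface differently; either encoding still needs the `state` check.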
