So this appears to be a breaking change... Is a possible workaround for subscribers to say that the callback url includes a query string parameter "hub.verify_token"
On Sun, Nov 20, 2011 at 6:32 AM, Julien Genestoux < [email protected]> wrote: > All, > > In the process of "cleaning" up the spec and to make it ready to add more > important coverage (arbitrary format, private feeds), I identified that we > should probably remove the "hub.verify_token". > > I'm not completely sure why it was initially added (Brett, Brad, Mart?), > but I think it was to facilitate the matching of a feed and subscription > for the subscriber who gets a verification of intent request. I believe > this can all be done thru the callback url, which (as per the good > practices) should be different for each subscription/feed. > > I'm not sure how to submit changes to the protocol, but this would affect > the following sections : > 6.1 : Removal of : > >> hub.verify_token >> OPTIONAL. A subscriber-provided opaque token that will be echoed back in >> the verification request to assist the subscriber in identifying which >> subscription request is being verified. If this is not included, no token >> will be included in the verification request. > > 6.2 : Removal of : > >> hub.verify_token >> OPTIONAL. The subscriber-provided opaque token from the corresponding >> subscription request, if one was provided. > > 6.2.1 Change of the first paragraph (remove the red): > >> The subscriber MUST confirm that the hub.topic and hub.verify_token >> correspond >> to a pending subscription or unsubscription that it wishes to carry out. >> [...] > > 8.2 : Removal of section altogether. > > Feedback? > > Thanks! >
