Re: [OAUTH-WG] JSON based access token requests for OAuth 2.1
hihi i am sorry my run me code scope runtime is work hehehe good Trisna1337 Pada tanggal Sel, 6 Okt 2020 21:18, Janak Amarasena menulis: > Hi All, > > As per my understanding OAuth 2(RFC6749) doesn't mandate any specific > media type to be used in the access token request. The spec implies > application/x-www-form-urlencoded should be used. Since the media type > application/json is very popular and widely used now, any thoughts on > referencing the use of this as well for access token requests? > > Best Regards, > Janak Amarasena > ___ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] JSON based access token requests for OAuth 2.1
Janak, thanks for the clarification. A constraint of the OAuth 2.1 draft is that it adds no new features beyond what has already been standardised and deployed. While I am a fan of JSON, supporting both application/x-www-form-urlencoded and application/json will negatively impact interoperability and add complexity as the content type will need to be negotiated. If it is any consolation, GNAP is starting off with application/json. /Dick ᐧ On Tue, Oct 6, 2020 at 11:10 PM Janak Amarasena wrote: > Hi Aaron, > > Let me clarify a bit. What I meant was the spec does not make it mandatory > to use x-www-form-urlencoded I am stating this as I did not see any > clause with the word "MUST" with regard to this. And also what I was > asking was not to change using x-www-form-urlencoded to json. More like > about the possibility of adding an example of how the parameters should be > used if the request is sent in JSON format like shown in Justin's draft. > This will in turn imply JSON formatted requests are also acceptable and to > anyone who wants to support this media type has guidance. > > Best Regards, > Janak Amarasena > > On Tue, Oct 6, 2020 at 8:40 PM Aaron Parecki wrote: > >> The spec does clearly require form-encoded POST requests to the token >> endpoint, it's not just an implication. The requests made include simple >> key/value pairs so there's nothing really gained by making this a JSON >> post. Changing that at this point would be a drastic breaking change to >> pretty much all existing code for very little benefit if any. >> >> That said, Justin Richer did already write up a draft exploring this >> topic, but it hasn't shown much interest in the group yet. >> >> https://www.ietf.org/id/draft-richer-oauth-json-request-00.html >> >> Aaron >> >> >> >> >> >> >> On Tue, Oct 6, 2020 at 7:18 AM Janak Amarasena >> wrote: >> >>> Hi All, >>> >>> As per my understanding OAuth 2(RFC6749) doesn't mandate any specific >>> media type to be used in the access token request. The spec implies >>> application/x-www-form-urlencoded should be used. Since the media type >>> application/json is very popular and widely used now, any thoughts on >>> referencing the use of this as well for access token requests? >>> >>> Best Regards, >>> Janak Amarasena >>> ___ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >>> >> -- >> --- >> Aaron Parecki >> https://aaronparecki.com >> >> ___ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] JSON based access token requests for OAuth 2.1
Hi Aaron, Let me clarify a bit. What I meant was the spec does not make it mandatory to use x-www-form-urlencoded I am stating this as I did not see any clause with the word "MUST" with regard to this. And also what I was asking was not to change using x-www-form-urlencoded to json. More like about the possibility of adding an example of how the parameters should be used if the request is sent in JSON format like shown in Justin's draft. This will in turn imply JSON formatted requests are also acceptable and to anyone who wants to support this media type has guidance. Best Regards, Janak Amarasena On Tue, Oct 6, 2020 at 8:40 PM Aaron Parecki wrote: > The spec does clearly require form-encoded POST requests to the token > endpoint, it's not just an implication. The requests made include simple > key/value pairs so there's nothing really gained by making this a JSON > post. Changing that at this point would be a drastic breaking change to > pretty much all existing code for very little benefit if any. > > That said, Justin Richer did already write up a draft exploring this > topic, but it hasn't shown much interest in the group yet. > > https://www.ietf.org/id/draft-richer-oauth-json-request-00.html > > Aaron > > > > > > > On Tue, Oct 6, 2020 at 7:18 AM Janak Amarasena > wrote: > >> Hi All, >> >> As per my understanding OAuth 2(RFC6749) doesn't mandate any specific >> media type to be used in the access token request. The spec implies >> application/x-www-form-urlencoded should be used. Since the media type >> application/json is very popular and widely used now, any thoughts on >> referencing the use of this as well for access token requests? >> >> Best Regards, >> Janak Amarasena >> ___ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > -- > --- > Aaron Parecki > https://aaronparecki.com > > ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] JSON based access token requests for OAuth 2.1
The spec does clearly require form-encoded POST requests to the token endpoint, it's not just an implication. The requests made include simple key/value pairs so there's nothing really gained by making this a JSON post. Changing that at this point would be a drastic breaking change to pretty much all existing code for very little benefit if any. That said, Justin Richer did already write up a draft exploring this topic, but it hasn't shown much interest in the group yet. https://www.ietf.org/id/draft-richer-oauth-json-request-00.html Aaron On Tue, Oct 6, 2020 at 7:18 AM Janak Amarasena wrote: > Hi All, > > As per my understanding OAuth 2(RFC6749) doesn't mandate any specific > media type to be used in the access token request. The spec implies > application/x-www-form-urlencoded should be used. Since the media type > application/json is very popular and widely used now, any thoughts on > referencing the use of this as well for access token requests? > > Best Regards, > Janak Amarasena > ___ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- --- Aaron Parecki https://aaronparecki.com ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
[OAUTH-WG] JSON based access token requests for OAuth 2.1
Hi All, As per my understanding OAuth 2(RFC6749) doesn't mandate any specific media type to be used in the access token request. The spec implies application/x- www-form-urlencoded should be used. Since the media type application/json is very popular and widely used now, any thoughts on referencing the use of this as well for access token requests? Best Regards, Janak Amarasena ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth