messages/Standard - split off request object and file
Issue #572
wontfix
Request object and request file duplicate information that's in the other request parameters. This is awkward, confusing, and can lead to situations where the two conflict. If instead these were defined as methods to access the OAuth Authorization Endpoint in an OAuth extension, they could dictate that all parameters be passed directly in the object alone. This could be referenced normatively from Connect.
Comments (4)
-
-
Account Deleted
Not all OAuth extensions need to go through the WG though.
-
- changed status to wontfix
We could consider doing this as a new flow once a request object format is on track for OAuth standardization, but for now, this would likely be incompatible with existing OAuth implementations.
-
Account Deleted
It'll be incompatible with existing implementations anyway since they won't know what to do with all the extra bits. From what I can read, it won't degrade very gracefully in this case. What's the problem with OIDF defining an OAuth extension on its own? Like I said (apparently anonymously) above, not everything needs to be piped through the OAuth WG to be considered a "standard" doc. The IETF isn't the only one that can say "This is what you can do with OAuth", and the WG isn't the only way to track things within the IETF, either.
I'd like to request that this issue be re-opened and that we discuss it at the Yahoo meeting.
- Log in to comment
Yes. I have been pushing this for almost two years, and OAuth WG is yet to adopt it as a new work item due to the five items limit.
See http://datatracker.ietf.org/doc/draft-sakimura-oauth-requrl/