Early drafts of OAuth2 did what?!
2.3.2. Response Format

Authorization servers respond to client requests by including a set of response parameters in the entity body of the HTTP response. The response uses one of three formats based on the format requested by the client (using the "format" request parameter or the HTTP "Accept" header field):

o The "application/json" media type as defined by [RFC4627]. The parameters are serialized into a JSON structure by adding each parameter at the highest structure level. Parameter names and string values are included as JSON strings. Numerical values are included as JSON numbers. For example:

    {
      "access_token":"SlAV32hkKG",
      "expires_in":3600,
      "refresh_token":"8xLOxBtZp8"
    }

o The "application/xml" media type as defined by [RFC3023]. The parameters are serialized into an XML structure by adding each parameter as a child element of the root "<OAuth>" element. [[ Add namespace ]] For example:

    <?xml version='1.0' encoding="utf-8"?>
    <OAuth>
      <access_token>SlAV32hkKG</access_token>
      <expires_in>3600</expires_in>
      <refresh_token>8xLOxBtZp8</refresh_token>
    </OAuth>

o The "application/x-www-form-urlencoded" media type as defined by [W3C.REC-html401-19991224]. For example (line breaks are for display purposes only):

    access_token=SlAV32hkKG&expires_in=3600&
    refresh_token=8xLOxBtZp8

The authorization server MUST include the HTTP "Cache-Control" response header field with a value of "no-store" in any response containing tokens, secrets, or other sensitive information.
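As an added illustration (not code from the thread or from the draft), here is the kind of client-side parsing that draft implied: a token-response parser that accepts each of the three media types the draft allowed, dispatching on Content-Type, plus the Cache-Control check its last paragraph requires. The sample bodies are the draft's own examples; the function names are assumed for this example and belong to no real library.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

def parse_token_response(content_type: str, body: str) -> dict:
    """Parse a token response in any of the draft's three formats (hypothetical helper)."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == "application/json":
        params = json.loads(body)
        if not isinstance(params, dict):
            raise ValueError("JSON token response must be a top-level object")
    elif media_type == "application/xml":
        # Each child of the root <OAuth> element is one parameter. Real clients
        # should parse untrusted XML with defusedxml rather than stdlib ElementTree.
        root = ET.fromstring(body)
        if root.tag != "OAuth":
            raise ValueError(f"unexpected root element {root.tag!r}")
        params = {child.tag: (child.text or "") for child in root}
    elif media_type == "application/x-www-form-urlencoded":
        # A parameter sent twice is ambiguous; reject rather than pick one silently.
        raw = parse_qs(body, strict_parsing=True)
        dupes = sorted(k for k, v in raw.items() if len(v) != 1)
        if dupes:
            raise ValueError(f"duplicate parameters: {dupes}")
        params = {k: v[0] for k, v in raw.items()}
    else:
        raise ValueError(f"unsupported token response media type {media_type!r}")
    # XML and form bodies carry expires_in as text; JSON carries it as a number.
    if "expires_in" in params:
        params["expires_in"] = int(params["expires_in"])
    if "access_token" not in params:
        raise ValueError("token response carries no access_token")
    return params

def has_no_store(headers: dict) -> bool:
    """True if Cache-Control carries no-store, as the draft requires for token responses."""
    directives = headers.get("Cache-Control", "").split(",")
    return "no-store" in {d.strip().lower() for d in directives}

# Constructed sample responses using the draft's own example bodies.
SAMPLES = {
    "application/json; charset=utf-8":
        '{"access_token":"SlAV32hkKG","expires_in":3600,"refresh_token":"8xLOxBtZp8"}',
    "application/xml":
        "<?xml version='1.0' encoding=\"utf-8\"?><OAuth><access_token>SlAV32hkKG</access_token>"
        "<expires_in>3600</expires_in><refresh_token>8xLOxBtZp8</refresh_token></OAuth>",
    "application/x-www-form-urlencoded":
        "access_token=SlAV32hkKG&expires_in=3600&refresh_token=8xLOxBtZp8",
}
```

Calling parse_token_response on each entry of SAMPLES yields the same dict, which is the point: a client written against the draft could not tell from the parameters alone which wire format it had been handed.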
Notices
Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Wednesday, 22-Jan-2025 21:36:45 JST Erin 💽✨
Haelwenn /элвэн/ :triskell: likes this.
Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Wednesday, 22-Jan-2025 22:18:33 JST Erin 💽✨
(I was looking at some OAuth 2 client code and found a fossil of this in the form of still supporting parsing responses in x-www-form-urlencoded format and I was like “what. why. did someone implement the spec wrong?!” and it looks like the answer is “no, the spec was just briefly bonkers”)
Haelwenn /элвэн/ :triskell: likes this.
Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Wednesday, 22-Jan-2025 22:18:44 JST Erin 💽✨
(“did someone implement the spec wrong?” yes. of course they did. it's OAuth 2. it's more vibes than a spec to begin with and yet people manage to find new and creative ways to violate the bits that are nailed down all the time)
Haelwenn /элвэн/ :triskell: likes this.