necaris: me looking dapper at a wedding (Default)
necaris ([personal profile] necaris) wrote in [site community profile] dw_dev 2014-05-20 07:32 pm (UTC)

I too have lots of opinions on this subject, but mine are generally less justified ;-)

1: 1 > 1a, because CORS is a pain in the behind and IMHO it's clearer to do DOMAIN/RESOURCE/ID

3/4: The OAuth standard suggests using an Authorization: header to hold an access token, which I'm +1 on because it's pretty straightforward and easy to understand. It'd be great if something else was supported as well but Authorization is a standard header and IMHO since the standard headers are available they should be used.

I would love to help out with this if possible, headspace and time constraints permitting :-)
(4 comments)

Post a comment in response:

If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.