Hacker News new | ask | show | jobs
by will4274 2070 days ago
> using JSON is a step up from using form params

Why? It seems to me that I'm either writing Json.Serialize(loginParams) or HttpForms.Serialize(loginParams). Both are human readable and weakly typed. From a developer perspective, these seem almost exactly equivalent, just different.
1 comments
mooreds 2070 days ago
Ah, in my opinion, it's better to be able to build an object then serialize it, rather than have to jam object semantics into form parameters (and then serialize them).

Here's a grant request from the draft:

   {
       "resources": [
           {
               "type": "photo-api",
               "actions": [
                   "read",
                   "write",
                   "dolphin"
               ],
               "locations": [
                   "https://server.example.net/",
                   "https://resource.local/other"
               ],
               "datatypes": [
                   "metadata",
                   "images"
               ]
           },
           "dolphin-metadata"
       ],
       "client": {
         "display": {
           "name": "My Client Display Name",
           "uri": "https://example.net/client"
         },
         "key": {
           "proof": "jwsd",
           "jwk": {
                       "kty": "RSA",
                       "e": "AQAB",
                       "kid": "xyz-1",
                       "alg": "RS256",
                       "n": "kOB5rR4Jv0GMeL...."
           }
         }
       },
       "interact": {
           "redirect": true,
           "callback": {
               "method": "redirect",
               "uri": "https://client.example.net/return/123455",
               "nonce": "LKLTI25DK82FX4T4QFZC"
           }
       },
       "capabilities": ["ext1", "ext2"],
       "subject": {
           "sub_ids": ["iss-sub", "email"],
           "assertions": ["id_token"]
       }
   }
(Not all of the object keys are required, FYI). The ability to have resources be a rich object (as opposed to a string) and to support multiple resources in one grant request seems to me to be a good thing(tm).
link