2006/07/01

Google Account Authentication

Mark Uncategorized
“AuthSubRequest is called as a URL; make a request to: https://www.google.com/accounts/AuthSubRequest with the following query parameters”. Sigh.
(link) [del.icio.us/distobj]
Add your comment
«
»
Trackback

no comment until now

  1. Dan Hatfield
    2006-07-07 13:31

    So, I’m really glad the comments are here b/c sometimes I’m not quite sure what the *sigh* is about….
    This seems sorta restful to me…I mean I can think of worse ways. :)
    But I’m guessing you see a flaw? Care to elaborate?

  2. distobj
    2006-07-07 15:30

    Yah, the del.icio.us interface doesn’t give me much room to elaborate. I was hoping regular readers would figure it out.

    It’s using the old anti-pattern of putting the operation in the URI, combined with the use of GET to change state.

  3. Dan Hatfield
    2006-07-08 09:34

    I should have….I was having a brain-dead moment.
    This seems a little unusual from a “change of state” perspective though…because it essentially reverts itself after the session expires.
    I guess the argument is that HTTP POST or PUT should be used for any change of state regardless of whether or not it is a “temporary” one.

  4. distobj
    2006-07-08 10:46

    That’s pretty much how I see it, yah.

Add your comment now