api-guidelines icon indicating copy to clipboard operation
api-guidelines copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Add authorization header to simple set as well as suggest its usage

Open oneturkmen opened this issue 8 years ago • 5 comments

PR relates to issue #91.

oneturkmen avatar Aug 17 '17 06:08 oneturkmen

Any update?

oneturkmen avatar Sep 13 '17 23:09 oneturkmen

@darrelmiller just updated the changes. I think it should be good now.

By the way, when writing this guidelines, what web resources did you use?

oneturkmen avatar Sep 15 '17 17:09 oneturkmen

Thanks for the update. I wasn't involved when the original guidelines were being written but I'm guessing that many different sources were used to derive these guidelines.

darrelmiller avatar Sep 15 '17 21:09 darrelmiller

Thanks both. We seem to have lost in the shuffle that if you HAVE to pass the token in the URL due to your perf requirement, then the way to do it MUST be to use the "access_token" query parameter, which seems to be encoded in the initial intent of the paragraph. or am I missing something.

garethj-msft avatar Sep 15 '17 21:09 garethj-msft

@garethj-msft You are correct, we dropped that. I guess I read what I expected to read. I didn't expect the guidelines to enforce a query parameter name. I see the value in doing that, but my gut is telling me that's a bad idea. I need to think about that some more.

But regardless, the existing guidance says it MUST be "access_token" so we shouldn't change that in this PR.

darrelmiller avatar Sep 16 '17 13:09 darrelmiller