Hi folks - Existing proposals for signing non-form-encoded request bodies can't be safely used with OpenSocial. I've written up a draft OAuth extension that describes why xoauth_body_signature isn't safe and provides a simple alternative:
http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/1/spec.html Feedback most welcome. Cheers, Brian --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
