What's OAuth's rule on duplicate parameters? Any parameter can appear in query string, Authorization header or post body. What happens if the same parameter (say oauth_version) appears in more than one place?
I tried to find some guidance in the spec with no avail. Our current implementation allows duplicate parameters as long as signature counts for the duplication (the parameters is repeated in base string). However, it's still a mystery which one takes precedence if they have different values. In my opinion, this should be cleared banned in the spec. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
