On Tue, Mar 10, 2009 at 11:46 AM, Marc Worrell <[email protected]> wrote: > > > On 10 mrt 2009, at 11:16, Ben Laurie wrote: >> Obviously the choice is dictated by existing OAuth - unfortunately the >> existing spec isn't clear so I guess the question is: what does >> existing code do? I'm betting it does: >> >> 1. Sort >> 2. Convert to UTF-8 >> 3. URL encode > > The OAuth-PHP library does: > > 1. URL Encode > 2. Sort > > The library is character set agnostic, it just handles the names/ > values as octet streams and therefore doesn't need any UTF-8 encoding/ > decoding steps.
Except that the OAuth spec requires UTF-8 encoding, so that is a bug. > > In my opinion OAuth is character set agnostic, so this whole character > set encoding/decoding shouldn't be part of the discussion about > sorting and signing. OAuth is just signing the bytes, so when you > want to represent name/value pairs as UTF-32 big endian, just go ahead > (just don't expect that a lot of servers will understand what you are > sending :-). > > - Marc > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
