On 10 mrt 2009, at 12:54, Ben Laurie wrote: > On Tue, Mar 10, 2009 at 11:46 AM, Marc Worrell <[email protected]> > wrote: >> >> The library is character set agnostic, it just handles the names/ >> values as octet streams and therefore doesn't need any UTF-8 >> encoding/ >> decoding steps. > > Except that the OAuth spec requires UTF-8 encoding, so that is a bug.
Not really. The OAuth spec (editor's cut) says in 3.6 Percent Encoding: > 1. Text values are first encoded as UTF-8 octets per [RFC3629] if > they are not already. This does not include binary values which are > not intended for human consumption. So, which fields are for human consumption and which not? I wouldn't let my library make this guess, so better not encode/decode at all and just pass what was given to it by the application. - Marc --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
