The OAuth spec is silent on how to handle section 5.2 when an HTTP PUT |POST might be used to send in OAuth parameters AND resource content. For example, an OpenSocial endpoint uses OAuth for authentication and may post an XML encoded version of a Person. In this case, does a compatible OAuth endpoint have to accept OAuth parameters in the POST body or can it choose to only look for parameters in the HTTP Authorization header and on the query string?
Scott Seely architect email [email protected] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
