As a rule, a server shouldn't look for OAuth parameters in the body of a request whose content-type isn't application/x-www-form-urlencoded (as specified by http://oauth.net/core/1.0/#consumer_req_param). In the OpenSocial example, the client could send an XML content-type, such as text/xml or application/xml.
On Apr 24, 6:02 pm, Scott Seely <sse...@myspace-inc.com> wrote: > The OAuth spec is silent on how to handle section 5.2 when an HTTP PUT > |POST might be used to send in OAuth parameters AND resource content. > For example, an OpenSocial endpoint uses OAuth for authentication and > may post an XML encoded version of a Person. In this case, does a > compatible OAuth endpoint have to accept OAuth parameters in the POST > body or can it choose to only look for parameters in the HTTP > Authorization header and on the query string? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---