The OAuth spec isn't clear on these points-- hence the questions. Thanks for the great responses.
> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > John Kristian > Sent: Saturday, April 25, 2009 7:10 PM > To: OAuth > Subject: [oauth] Re: POST and PUT with OAuth > > > As a rule, a server shouldn't look for OAuth parameters in the body of > a request whose content-type isn't application/x-www-form-urlencoded > (as specified by http://oauth.net/core/1.0/#consumer_req_param). In > the OpenSocial example, the client could send an XML content-type, > such as text/xml or application/xml. > > On Apr 24, 6:02 pm, Scott Seely <[email protected]> wrote: > > The OAuth spec is silent on how to handle section 5.2 when an HTTP PUT > > |POST might be used to send in OAuth parameters AND resource content. > > For example, an OpenSocial endpoint uses OAuth for authentication and > > may post an XML encoded version of a Person. In this case, does a > > compatible OAuth endpoint have to accept OAuth parameters in the POST > > body or can it choose to only look for parameters in the HTTP > > Authorization header and on the query string? > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
