Thanks, everyone. That sounds good. I know a redraft of the spec is in progress. It would be awesome if this could be clarified in a future version. -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire
On Thu, Apr 30, 2009 at 6:45 AM, Blaine Cook <[email protected]> wrote: > > Marc's correct - the intent of the spec is to sign all parameters, > query string and x-www-form-urlencoded alike, for exactly the reasons > that Manish notes. > > b. > > On Thu, Apr 30, 2009 at 10:11 AM, Marc Worrell <[email protected]> wrote: > > > > > > On 30 apr 2009, at 04:53, Manish Pandit wrote: > >> On Apr 29, 6:26 pm, Andrew Arnott <[email protected]> wrote: > >>> - HTTP GET parameters added to the URLs in the query part (as > >>> defined by > >>> [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): > >>> Generic > >>> Syntax,” .) <http://oauth.net/core/1.0/#RFC3986> section 3). > > > > This wording is a bit confusing. What is meant with "GET" are the > > parameters in the query part of the URI. > > > > In practice, all parameters (from POST and query string) are collected > > and signed. > > > > - Marc > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
