When an authorized resource request is a POST with content type of multipart/form-data, which (if any) parameters in the POST body should be signed? The spec (section 5.2) only talks about signing POST parameters when the content type is application/x-www-form-urlencoded.
In my scenario, both standard key=value pairs and images are in the multipart POST entity, so I wonder do I sign just the standard key=value pairs and skip over the images, or not sign anything at all? I don't think the spec addresses the question at all, but my reading from section 5.2 suggests that no parameters in the POST entity should be signed unless the content type is application/x-www-form-urlencoded, which means that parameters that come along with the image are unsigned. -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
