> Thanks. I didn't know about that extension. Is there a list of all the > OAuth extensions somewhere?
There are two locations that list extensions that I'm aware of. The first is on the Google code SVN, here: http://oauth.googlecode.com/svn/spec/ext/ And the second is the OAuth wiki: http://wiki.oauth.net/Extensions The two don't seem to be sync'd, exactly. -- justin > -- > Andrew Arnott > "I [may] not agree with what you have to say, but I'll defend to the death > your right to say it." - S. G. Tallentyre > > On Fri, May 29, 2009 at 6:06 PM, Brian Eaton <[email protected]> wrote: > > > On Fri, May 29, 2009 at 5:25 PM, Andrew Arnott <[email protected]> > > wrote: > > > I don't think the spec addresses the question at all, but my reading from > > > section 5.2 suggests that no parameters in the POST entity should be > > signed > > > unless the content type is application/x-www-form-urlencoded, which means > > > that parameters that come along with the image are unsigned. > > > I agree with your interpretation of the spec. > > > If you care a lot about the integrity of the body, but can't use > > something simple like https for your purposes, check out > >http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash... > > . > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
