From the IETF draft 01, section 6.1.1:

The request parameters, which include both protocol parameters and request-specific parameters, are extracted and restored to their original unencoded form, from the following sources:

It then lists the Authorization header, request body and URI query component. Now, this indicates to me that all three sources must be supported to conform to the spec. However, from the example in OAuth Discovery 1.0 Draft 2, Appendix A:

The Service Provider does not support parameters in the HTTP body.

My understanding is that things like this are probably up to the Service Provider to decide whether they provide them or not, as consumers will be written with a particular Service Provider in mind anyway. Some clarification for peace of mind would be useful though.

For the moment I am not supporting request parameters sent via the POST body in CouchDB, and it's probably not worth adding it unless there is a good reason, as consuming the request body before passing the request on to other handlers means I have to pass the request body to them too, i.e. possible performance hit and deeper changes needed to the code.

Thanks again,
Jason
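An added example, not part of the original message and not CouchDB's code: a sketch of collecting parameters from the three sources the quoted section names, with a switch for a provider that does not read the body. The function name, the `accept_body` flag and the sample request are hypothetical; skipping `realm` and reading the body only when it is form-encoded are assumptions taken from the rules later published as RFC 5849, section 3.4.1.3.1.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

FORM = "application/x-www-form-urlencoded"

def collect_parameters(url, headers, body=b"", accept_body=True):
    """Return decoded (name, value) pairs that feed the signature base string."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Source 1: URI query component.
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    # Source 2: OAuth Authorization header; realm is not a signed parameter.
    auth = hdrs.get("authorization", "")
    if auth[:6].lower() == "oauth ":
        for name, value in re.findall(r'([^\s,="]+)="([^"]*)"', auth[6:]):
            if name.lower() != "realm":
                params.append((unquote(name), unquote(value)))
    # Source 3: request body, only when form-encoded and only if the
    # provider chooses to read it (the decision discussed in the message).
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if accept_body and ctype == FORM:
        params += parse_qsl(body.decode("ascii"), keep_blank_values=True)
    return sorted(params)

# Constructed sample request (values are illustrative only).
SAMPLE_URL = "http://example.com/request?b5=%3D%253D&a3=a"
SAMPLE_HEADERS = {
    "Authorization": 'OAuth realm="Example", oauth_consumer_key="key%201", '
                     'oauth_nonce="abc"',
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
}
SAMPLE_BODY = b"c2=&a3=2+q"

if __name__ == "__main__":
    full = collect_parameters(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY)
    no_body = collect_parameters(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY,
                                 accept_body=False)
    # The difference is what a consumer signs but this provider never sees.
    print("only seen when the body is read:", sorted(set(full) - set(no_body)))
```

When the provider skips the body, a consumer that signed the body parameters computes a different base string, so verification fails rather than silently accepting unsigned parameters.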
