We're going live with some new PUT-based APIs. The body is not name/value pairs and thus not application/x-www-form-urlencoded.
Can anybody shed some light on the status of http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html and how it relates to OAuth main spec? Has anyone implemented it in production? Thanks, Hans On Tue, Sep 15, 2009 at 11:40 AM, Hannes Tydén <[email protected]> wrote: > > The OAuth Request Body Hash enables integrity checking "on HTTP > request bodies with content types other than application/x-www-form- > urlencoded". > > My PUT requests have content type "application/x-www-form-urlencoded" > and I can't see why they should be treated differently than POST > requests, though looking at the Ruby OAuth library only POST request > bodies are added to the normalized parameters. > > On Sep 15, 8:23 pm, John Kristian <[email protected]> wrote: >> No, the signature base string doesn't contain parameters from the body >> of a PUT request. >> >> There is an extension to protect request >> bodies.http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash... >> >> On Sep 15, 8:29 am, Hannes Tydén <[email protected]> wrote: >> >> > When I do a POST with content type "application/x-www-form-urlencoded" >> > the request body should be used to form part of the signature base >> > string. Is this also the case for PUT requests? >> >> > I can't find anything in the specification that says that PUT requests >> > would be treated any differently, but I just want to make sure. >> >> > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
