BTW, this sentence in http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html#when_to_include
" # OAuth Consumers MUST NOT include an oauth_body_hash parameter on requests with form-encoded request bodies. " seems to leave PUT requests with form-encoded name/value pairs in a bad spot, not covered by the core spec (which only deals with POSTs), nor covered by the body hash spec. On Wed, Sep 16, 2009 at 4:06 PM, Hans Granqvist <[email protected]> wrote: > We're going live with some new PUT-based APIs. The body is not name/value > pairs and thus not application/x-www-form-urlencoded. > > Can anybody shed some light on the status of > http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html > and how it relates to OAuth main spec? > > Has anyone implemented it in production? > > Thanks, > Hans > > > On Tue, Sep 15, 2009 at 11:40 AM, Hannes Tydén <[email protected]> wrote: >> >> The OAuth Request Body Hash enables integrity checking "on HTTP >> request bodies with content types other than application/x-www-form- >> urlencoded". >> >> My PUT requests have content type "application/x-www-form-urlencoded" >> and I can't see why they should be treated differently than POST >> requests, though looking at the Ruby OAuth library only POST request >> bodies are added to the normalized parameters. >> >> On Sep 15, 8:23 pm, John Kristian <[email protected]> wrote: >>> No, the signature base string doesn't contain parameters from the body >>> of a PUT request. >>> >>> There is an extension to protect request >>> bodies.http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash... >>> >>> On Sep 15, 8:29 am, Hannes Tydén <[email protected]> wrote: >>> >>> > When I do a POST with content type "application/x-www-form-urlencoded" >>> > the request body should be used to form part of the signature base >>> > string. Is this also the case for PUT requests? >>> >>> > I can't find anything in the specification that says that PUT requests >>> > would be treated any differently, but I just want to make sure. >>> >>> >> >> >> > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
