> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Hannes Tydén
> Sent: Thursday, September 17, 2009 3:02 AM
> To: OAuth
> Subject: [oauth] Re: Signing PUT request
> 
> 
> On Sep 17, 9:55 am, Eran Hammer-Lahav <[email protected]> wrote:
> > OAuth Core 1.0 (or a) does *not* include PUT body parameters in the
> > signature base string. That is a bug which I already fixed a while back
> > in the very first I-D:
> 
> Thank you for your clarification. But is this just a draft and would
> you recommend that I refer to the IETF draft as the canonical
> specification of OAuth, when talking to consumer developers?

If you need support for PUT, I suggest you go ahead and remove the POST 
restriction from your implementation. If your developers want to use the 
existing libraries, you might want to offer them a patch that will enable that 
against your system.

An even better solution is for all library maintainers to start providing a 
version of the code that complies with the IETF drafts. This can be done by 
forking the code, but better if it is done with an option flag or configuration 
somewhere.

We need to start actually trying out the new spec and the changes it contains. 
Yes, it is a moving target but that is how good specs should be developed. In 
this case, there will be an instant benefit for implementing this change.

EHL
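
Added example (not part of the original message, and not code from any OAuth library): a minimal signature base string builder with a hypothetical `post_only` option flag, showing that with the POST restriction a changed PUT body still verifies, and that without it the change is caught. It assumes HMAC-SHA1, a URL with no query string, and constructed keys and parameters.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote

FORM = "application/x-www-form-urlencoded"

def enc(s):
    # OAuth percent-encoding: only unreserved characters stay literal.
    return quote(s, safe="-._~")

def base_string(method, url, oauth_params, body="", content_type="", post_only=True):
    # post_only is a hypothetical option flag: True keeps the POST restriction,
    # False signs a form-encoded body for any method (PUT included).
    params = list(oauth_params.items())
    is_form = content_type.split(";")[0].strip().lower() == FORM
    if is_form and (method.upper() == "POST" or not post_only):
        params += parse_qsl(body, keep_blank_values=True)
    pairs = sorted((enc(k), enc(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(base, consumer_secret, token_secret):
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(signature, method, url, oauth_params, body, content_type, post_only):
    base = base_string(method, url, oauth_params, body, content_type, post_only)
    return hmac.compare_digest(sign(base, CONSUMER_SECRET, TOKEN_SECRET), signature)

# Constructed sample request; every value below is made up for illustration.
CONSUMER_SECRET, TOKEN_SECRET = "cs-example", "ts-example"
URL = "https://api.example.com/posts/1"
OAUTH = {"oauth_consumer_key": "ck-example", "oauth_token": "tk-example",
         "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1253181720",
         "oauth_nonce": "n0nce-example", "oauth_version": "1.0"}
BODY, CHANGED_BODY = "status=draft", "status=published"

def body_change_detected(post_only):
    # Sign the PUT with BODY, then check that signature against CHANGED_BODY.
    base = base_string("PUT", URL, OAUTH, BODY, FORM, post_only)
    sig = sign(base, CONSUMER_SECRET, TOKEN_SECRET)
    return not verify(sig, "PUT", URL, OAUTH, CHANGED_BODY, FORM, post_only)

if __name__ == "__main__":
    print("POST-only rule detects changed PUT body:", body_change_detected(True))
    print("Any-method rule detects changed PUT body:", body_change_detected(False))
```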
