This is a good question. I assume you are reading the latest version (draft-hammer-oauth-03): http://tools.ietf.org/html/draft-hammer-oauth-03#section-4.1
It is more clear in the original version (http://oauth.net/core/1.0a) where all the parameter are listed together. I will correct that before the RFC publication. Thanks! EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Stephen McKamey > Sent: Thursday, October 29, 2009 5:47 PM > To: OAuth > Subject: [oauth] oauth_callback when using Authorization header? > > > The OAuth 1.0a spec is a little unclear about this so I thought I'd > ask. When sending oauth params via the Authorization header, where > does oauth_callback go? With the rest of the OAuth params in the > header, or where the API params would go (i.e. query string or post > data)? > > HTTP Auth header feels like the right choice (keep all "oauth_" > together) but there isn't a definitive answer in the spec. > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
