A very common question: When the request has a body, is it valid to include the oauth_ parameters on the Query of the URI?
Yes, many of the libraries have the spec wrong, especially when it comes to the optional oauth_version parameter (many will add it automatically in it's verification of a signature for example even though it is not required). Yes, all of these things make OAuth difficult and lack of gumption with the stake holders on the specifics of the standard are very frustrating at times. I would like to add another question to the group: where is the appropriate place to posit OAuth questions right now? The IETF mailing list or this one? Where is the appropriate place for discussion of extensions? ~Paul On Nov 4, 2009, at 7:26 AM, mat...@gmail wrote > > It's really confusing and depends on provider or library which > provider is using. > That's why OAuth is difficult :( > > Best way is put id=foo in body. > > On 2009/11/04, at 19:50, k42b3 wrote: > >> >> hello, >> >> Iam currently implementing an oAuth consumer in PHP. I have a >> question >> while >> building the base string to sign my request >> (http://oauth.net/core/1.0a#sig_norm_param) >> >> I make an request that contains GET and POST variables i.e. >> >> ---------------------------------------- >> POST /some/api?id=foo HTTP/1.1 >> Host 127.0.0.1 >> Authorization: OAuth [parameters ...] >> Content-Type: application/x-www-form-urlencoded >> >> content=wusahh >> ---------------------------------------- >> >> my question is now should I use as request parameters the GET and >> POST >> variables >> or only the POST variables? In other words should I add >> "id=foo&content=wusahh" or >> "content=wusahh" to build the base string. >> >> The question occurs because I use the oAuth test server at >> http://term.ie/oauth/example/ >> to test my consumer ... but the implementation of this server tells >> me >> that I have a wrong >> base string when I use both but when I use only the POST vars it >> works. >> >> As I understand the specification I should use both (GET and POST) >> but >> plz correct me >> whether I understand that false or the implementation is wrong? >> >> >> best regards >> k42b3 >> >>> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
