The version parameter is only included if it is explicitly sent with the request. I will make this more explicit in the spec before publication.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Peter Saint-Andre > Sent: Wednesday, November 04, 2009 8:54 AM > To: [email protected] > Subject: [oauth] Re: build signature base string > > > On 11/4/09 9:46 AM, Paul Walker wrote: > > Do you mean, "the Service Provider MUST exclude the oauth_version > > parameter when calculating the signature if not present in the > > Consumer request?" > > > > While that should be implied by the fact that the spec labels the > > parameter optional, library developers still often miss it. +1 to > > making it more explicit. > > Sorry, I did not include complete text from the Internet-Draft. > > See http://tools.ietf.org/html/draft-hammer-oauth-03#section-3.3.1 > > That says in part: > > 3.3.1.1. Collect Request Parameters > > > The signature base string includes a specific set of request > parameters.... > > <snip/> > > The request parameters, which include both protocol parameters and > request-specific parameters, are extracted and restored to their > original unencoded form, from the following sources: > > o The OAuth HTTP Authorization header (Section 3.4.1). The "realm" > parameter MUST be excluded if present. > > o The HTTP request entity-body, but only if: > > * The entity-body is single-part. > > * The entity-body follows the encoding requirements of the > "application/x-www-form-urlencoded" content-type as defined by > [W3C.REC-html40-19980424]. > > * The HTTP request entity-header includes the "Content-Type" > header set to "application/x-www-form-urlencoded". > > o The query component of the HTTP request URI as defined by > [RFC3986] section 3. > > The "oauth_signature" parameter MUST be excluded if present. > > By my reading, that means "the signature base string includes all > protocol parameters and request-specific parameters *except* the > oauth_signature parameter", but if greater clarity is needed then the > spec can be updated. > > Peter > > -- > Peter Saint-Andre > https://stpeter.im/ > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
