I have noticed a lot of libraries seem to include the version parameter in generating matching server signatures even when it is not included in the client request. I think the text is rather clear, but maybe not clear enough for some *shrug*.
On Nov 19, 2009, at 7:13 AM, Eran Hammer-Lahav wrote: > The version parameter refers to the signature process which has not > changed. It is best to simply omit the parameter on the client, and > only include it in the signature on the server if it is received. > > EHL > >> -----Original Message----- >> From: rob ganly [mailto:[email protected]] >> Sent: Thursday, November 19, 2009 3:44 AM >> To: OAuth >> Subject: [oauth] oauth_version parameter >> >> hi all, >> >> i'm implementing version 1.0a (thus including a callback parameter >> etc.). >> however i understand from the 1.0a spec that 'if present' the >> oauth_version >> param "must be '1.0'", and that if it is not present my service >> provider MUST >> assume that it is version 1.0. >> >> where does that leave room for specifying 1.0a? (i understand this >> is done by >> the recognition of a callback etc. but the above statements seem to >> imply >> that the version is always 1.0). could anyone explain this? can i >> thus assume >> that the oauth_version param is completely redundant? >> >> i have checked out the 'OAuth Core 1.0 Rev A, Draft 1' and a couple >> of other >> discussions but i didn't find a satisfying conclusion to them. >> >> rob ganly >> >> -- >> >> You received this message because you are subscribed to the Google >> Groups >> "OAuth" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/oauth?hl=. >> > > -- > > You received this message because you are subscribed to the Google > Groups "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected] > . > For more options, visit this group at > http://groups.google.com/group/oauth?hl= > . > > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=.
