Sounds reasonable. If you're computing signatures then you certainly can set an authorization header.
On Tue, Mar 30, 2010 at 9:25 PM, Brian Eaton <[email protected]> wrote: > On Tue, Mar 30, 2010 at 9:20 PM, Eran Hammer-Lahav <[email protected]> > wrote: >> The makes client request parameter much simpler as the only parameter >> "invading" the URI or body space of the request is oauth_token. Anything >> else is limited to the header. > > Why would oauth_token ever hit the URI or body in a signed request? > >> Thoughts? If you are not a fan, please reply with a use case. > > I am a fan. +1. > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
