While odd, this is a perfectly legal GET request with a form-encoded body. EHL
On 4/7/10 3:33 AM, "Greg Beech" <[email protected]> wrote: Hi I noticed that there is an error in the example for section 3.4.1.1 in the latest OAuth draft. The example of building a signature base string uses the following request as an example (note the extraneous query parameters at the bottom): GET /request?b5=%3D%253D&a3=a&c%40=&a2=r%20b HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm="Example", oauth_consumer_key="9djdj82h48djs9d2", oauth_token="kkk9d7dh3k39sjv7", oauth_signature_method="HMAC-SHA1", oauth_timestamp="137131201", oauth_nonce="7d8f3e4a", oauth_signature="djosJKDKJSD8743243%2Fjdk33klY%3D" c2&a3=2+q I believe that this should be as follows, which will cause the documented signature base string to be constructed: GET /request?b5=%3D%253D&a3=a&c%40=&a2=r%20b&c2=&a3=2+q HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm="Example", oauth_consumer_key="9djdj82h48djs9d2", oauth_token="kkk9d7dh3k39sjv7", oauth_signature_method="HMAC-SHA1", oauth_timestamp="137131201", oauth_nonce="7d8f3e4a", oauth_signature="djosJKDKJSD8743243%2Fjdk33klY%3D" Apologies if this is a duplicate comment; I searched the archives but could not find any reference to this issue. -- Greg Blinkbox Entertainment Ltd - The best movies & TV online | Greg Beech | Senior Development Engineer Lead | +44 20 7092 8700 | +44 7970 480901 _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
