On Wed, Apr 21, 2010 at 5:15 PM, Eran Hammer-Lahav <[email protected]> wrote: >> >> 5.2.2 >> >> >> >> If the entity body includes other parameters, is it worth requiring >> >> that oauth_token be the first one? >> > >> > Why not last? >> >> If was just following the same convention as in OAuth 1.0, see RFC 5849, >> section 3.5.2. > > I did get a kick from you referencing RFC 5849. It took me a second... :-)
Glad you liked it. > Which BTW says: > > The entity-body MAY include other request-specific parameters, in > which case, the protocol parameters SHOULD be appended following the > request-specific parameters, properly separated by an "&" character > (ASCII code 38). > > As in... last. You are right, my mistake. I thought the reason it should be first, and also single part, is to help proxies or filters to grab just the beginning of the body and decide if there is any oauth stuff there. Marius _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
