> -----Original Message-----
> From: Marius Scurtescu [mailto:[email protected]]
> Sent: Wednesday, April 21, 2010 5:22 PM
> To: Eran Hammer-Lahav
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] feedback on 4/17 draft
> 
> On Wed, Apr 21, 2010 at 5:15 PM, Eran Hammer-Lahav
> <[email protected]> wrote:
> >> >> 5.2.2
> >> >>
> >> >> If the entity body includes other parameters, is it worth
> >> >> requiring that oauth_token be the first one?
> >> >
> >> > Why not last?
> >>
> >> If was just following the same convention as in OAuth 1.0, see RFC
> >> 5849, section 3.5.2.
> >
> > I did get a kick from you referencing RFC 5849. It took me a second...
> > :-)
> 
> Glad you liked it.
> 
> 
> > Which BTW says:
> >
> >   The entity-body MAY include other request-specific parameters, in
> >   which case, the protocol parameters SHOULD be appended following the
> >   request-specific parameters, properly separated by an "&" character
> >   (ASCII code 38).
> >
> > As in... last.
> 
> You are right, my mistake.

OCD is an editor's best friend.

> I thought the reason it should be first, and also single part, is to help 
> proxies
> or filters to grab just the beginning of the body and decide if there is any
> oauth stuff there.

It's last to be less intrusive to the protected resource request.

EHL
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to