> -----Original Message----- > From: Marius Scurtescu [mailto:[email protected]] > Sent: Wednesday, April 21, 2010 5:22 PM > To: Eran Hammer-Lahav > Cc: OAuth WG > Subject: Re: [OAUTH-WG] feedback on 4/17 draft > > On Wed, Apr 21, 2010 at 5:15 PM, Eran Hammer-Lahav > <[email protected]> wrote: > >> >> 5.2.2 > >> >> > >> >> If the entity body includes other parameters, is it worth > >> >> requiring that oauth_token be the first one? > >> > > >> > Why not last? > >> > >> If was just following the same convention as in OAuth 1.0, see RFC > >> 5849, section 3.5.2. > > > > I did get a kick from you referencing RFC 5849. It took me a second... > > :-) > > Glad you liked it. > > > > Which BTW says: > > > > The entity-body MAY include other request-specific parameters, in > > which case, the protocol parameters SHOULD be appended following the > > request-specific parameters, properly separated by an "&" character > > (ASCII code 38). > > > > As in... last. > > You are right, my mistake.
OCD is an editor's best friend. > I thought the reason it should be first, and also single part, is to help > proxies > or filters to grab just the beginning of the body and decide if there is any > oauth stuff there. It's last to be less intrusive to the protected resource request. EHL _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
