A couple of editorial notes: 3.2 has a mismatch of parameters between the example and the text (e.g., "using access token j92fsdjf094gjfdi,..." where h480djs93hd8 from 1.1 is used in the example). The timestamp and nonce are also mismatched, though bodyhash seems correct. As a result, the signature is invalid for the example.
3.3.1 gives an example of a request but doesn't provide the secret or a signature. It's not necessary here, but adding a valid Authentication header for this line as well as "using.... secret...algorithm" statement gives implementors more information to validate their work against the spec. Adding the algorithm for the token/secret would also inform the method implied (sha1) for the body hash in this example.

If these two issues are resolved, the spec gives 3 clear examples (e.g., test case) for implementors to confirm their understanding of the signature process. It's a valuable side-effect with very little effort or distraction.

skylar

On Jan 22, 2011, at 2:09 AM, Eran Hammer-Lahav wrote:

> http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-02
>
> New version includes the following changes:
>
> o Added body-hash support.
> o Updated OAuth 2.0 reference to -12 and added token type registration
>   template.
> o Removed error and error URI attributes (codes were just a duplication
>   of the HTTP status codes).
>
> Feedback would be greatly appreciated.
>
> EHL
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth