I think it's perfectly reasonably - if inside the service you need to rewrite the URI, it's not hard to preserve the original as an extra header or ENV.
We have a HMAC-sha1 implementation in production where the load balancer (nginx) may rewrite the URI before passing it to a java app that authenticates the request, so the original URI is set as a new header and used to calculate the HMAC in java. -Peter On Mon, Apr 18, 2011 at 3:26 PM, Eran Hammer-Lahav <[email protected]> wrote: > I would like to drop all the request URI parameters normalization logic and > just use the raw request URI instead. A year ago during the discussion on my > Token authentication scheme (which had that behavior specified), some people > raised the issue that access to the raw request URI isn’t always possible on > the client or server. This feels like a limitation that is no longer a real > problem for any modern web development environment. > > > > If you know of actual deployment issues with using the raw request URI > instead of the parameter parsing and sorting voodoo, please let me know. > Otherwise, the next draft will drop that entire section. > > > > EHL > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > -- Peter M. Wolanin, Ph.D. : Momentum Specialist, Acquia. Inc. [email protected] : 978-296-5247 "Get a free, hosted Drupal 7 site: http://www.drupalgardens.com"; _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
