Brian, thanks for reading through the document and setting fire to the strawman
within.
Very good call on the hash inputs, I think you’re definitely right. I’m not
sure how best to handle that apart from some kind of out-of-band delimiter.
Maybe we should hash a dot-separated base64 encoded
Yeah, that kind of escaping really burned people in OAuth 1.0, and I’d like to
avoid it. One problem is that it’s hard to tell whether something’s been
escaped or not.
— Justin
On Jul 21, 2015, at 5:31 PM, John Bradley ve7...@ve7jtb.com wrote:
I was thinking that escaping would
I think I said, at the last meeting, that I would review
draft-ietf-oauth-signed-http-request, which was maybe foolish of me, but I
thought I should be timely and send something before the meeting tomorrow.
Even though the document isn't on the agenda.
Let me first say that I honestly don't know
