On Apr 24, 6:02 pm, Scott Seely <sse...@myspace-inc.com> wrote:
> The OAuth spec is silent on how to handle section 5.2 when an HTTP PUT
> |POST might be used to send in OAuth parameters AND resource content.
> For example, an OpenSocial endpoint uses OAuth for authentication and
> may post an XML encoded version of a Person. In this case, does a
> compatible OAuth endpoint have to accept OAuth parameters in the POST
> body or can it choose to only look for parameters in the HTTP
> Authorization header and on the query string?
>
> Scott Seely
>
> architect
>
> email sse...@myspace.com
I'd think that a provider should document where they expect the
parameters, if they do not support all 3. If they do support all 3,
then they need to provide an order of precedence, that is if they even
allow putting oauth params at more than 1 method.
If you look at the editor's cut (http://oauth.googlecode.com/svn/spec/
core/unofficial/1.0ec/drafts/1/spec.html), it sheds a little more
light on this issue in section 3.4. A disclaimer here - the editor's
cut is not an official version, but you can co-relate the information
for reference and clarity.
-cheers,
Manish
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
