Marc's correct - the intent of the spec is to sign all parameters, query string and x-www-form-urlencoded alike, for exactly the reasons that Manish notes.
b. On Thu, Apr 30, 2009 at 10:11 AM, Marc Worrell <ma...@pobox.com> wrote: > > > On 30 apr 2009, at 04:53, Manish Pandit wrote: >> On Apr 29, 6:26 pm, Andrew Arnott <andrewarn...@gmail.com> wrote: >>> - HTTP GET parameters added to the URLs in the query part (as >>> defined by >>> [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): >>> Generic >>> Syntax,” .) <http://oauth.net/core/1.0/#RFC3986> section 3). > > This wording is a bit confusing. What is meant with "GET" are the > parameters in the query part of the URI. > > In practice, all parameters (from POST and query string) are collected > and signed. > > - Marc > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---