Hi! The correct way would be to use the HTTP "Authorization" header. Both methods which you have mentioned are basically fallbacks for that semantically correct "Authorization" header.
If you can't use that, however, I would say 1) is better than 2) because as per the specification the signature in the body implies a application/x-www-form-urlencoded content type which usually is not the case if you use PUT. OAuth libraries should handle that as well. Regards, Lukas Rosenstock 2010/4/16 AriB <ariel.boludov...@gmail.com> > > Hi, > > when sending HTTP POST or PUT requests with Oauth, which is the right > request format, 1) or 2)? > > Thanks in advance, > > AB > > 1) > > PUT > > http://www.mycompany.com:8080/blahblah?oauth_signature_method=HMAC-SHA1&oauth_token=blahblah&oauth_consumer_key=blahblah&oauth_timestamp=1271415739&oauth_nonce=14979237328487&oauth_version=1.0&oauth_signature=BZ5yz0cPta7Qs2PPzVD%2F6aDG6Gk%3D > > POST data: > myrequestbodyhere > > [no cookies] > > Request Headers: > Connection: keep-alive > Content-Type: application/x-www-form-urlencoded; charset=UTF-8 > Content-Length: 10 > > 2) > > PUT http://www.mycompany.com:8080/blahblah > > POST data: > oauth_signature_method=HMAC- > > SHA1&oauth_token=blahblah&oauth_consumer_key=blahblah&oauth_timestamp=1271415739&oauth_nonce=14979237328487&oauth_version=1.0&oauth_signature=BZ5yz0cPta7Qs2PPzVD > %2F6aDG6Gk%3D > > myrequestbodyhere > > [no cookies] > > Request Headers: > Connection: keep-alive > Content-Type: application/x-www-form-urlencoded; charset=UTF-8 > Content-Length: 10 > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to oa...@googlegroups.com. > To unsubscribe from this group, send email to > oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > -- http://lukasrosenstock.net/ -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
