[oauth] Re: Signing PUT request

2009-09-17 Thread Eran Hammer-Lahav
OAuth Core 1.0 (or a) does *not* include PUT body parameters in the signature base string. That is a bug which I already fixed a while back in the very first I-D: o Removed restriction of only signing application/ x-www-form-urlencoded in POST requests, allowing the entity-body

[oauth] Re: Signing PUT request

2009-09-17 Thread Hannes Tydén
On Sep 17, 9:55 am, Eran Hammer-Lahav wrote: > OAuth Core 1.0 (or a) does *not* include PUT body parameters in the signature > base string. That is a bug which I already fixed a while back in the very > first I-D: Thank you for your clarification. But is this just a draft and would you recomme

[oauth] Re: Signing PUT request

2009-09-17 Thread Hannes Tydén
On Sep 17, 9:55 am, Eran Hammer-Lahav wrote: > OAuth Core 1.0 (or a) does *not* include PUT body parameters in the signature > base string. That is a bug which I already fixed a while back in the very > first I-D: Re-reading you post made me realize that this _is_ a bug is in the 1.0 spec. Wha

moving OAuth forward (was: Re: [oauth] Re: Signing PUT request)

2009-09-17 Thread Peter Saint-Andre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/17/09 4:23 AM, Hannes Tydén wrote: > What is the outlook to when the spec submitted to the IETF > to be an official spec? We need people to carefully review the Internet-Drafts and post to the oa...@ietf.org list with their feedback or input is

[oauth] PHP Implementation of an OAuth Store for Amazon SimpleDB

2009-09-17 Thread joelg
I am implementing OAuth for delegated access to our API for OnePage (http://myOnePage.com). We are using SimpleDB for our database. Does anyone know of a PHP OAuthStore implementation for SimpleDB? Or any other language for that matter, would be useful. If I don't find anything, I shall be codin

[oauth] Re: Signing PUT request

2009-09-17 Thread Eran Hammer-Lahav
It is only a bug in the sense that the 'POST' limitation was put in there at some point without an actual explicit consensus. What this means is that as the spec editor I do not have an recollection that we put it there for a reason, and it is obviously creating problems. It was not the authors

[oauth] Re: Signing PUT request

2009-09-17 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth@googlegroups.com [mailto:oa...@googlegroups.com] On Behalf > Of Hannes Tydén > Sent: Thursday, September 17, 2009 3:02 AM > To: OAuth > Subject: [oauth] Re: Signing PUT request > > > On Sep 17, 9:55 am, Eran Hammer-Lahav wrote: > > OAuth Core 1.0 (or

[oauth] Re: Signing PUT request

2009-09-17 Thread Hans Granqvist
> Too bad very few people actually bother to read the IETF drafts and provide > feedback. For the record, I had to restrain myself in that last sentence from > using offensive language. There is no indication @ http://oauth.net/documentation/ that one is supposed to read and discuss IETF drafts