Hi everybody, I'm in pain figuring out whether the oauth_verifier can be sent back from the consumer to the provider in the body of a POST request when other parameters are sent in the authorization header.
Here is my situation: I provide an API with OAuth, and one of our users complains he cannot get an access token. Looking at the request, he sent "usual" signature parameters in the header, and sent the oauth_verifier in the body. * Looking at the spec in the section about sending parameters to the provider (http://oauth.net/core/1.0a#consumer_req_param), parameters should be sent in the authorization header (prefered) or in the request body (second choice) or (... we don't care about this one). But it is not forbidden to mix the places ! * Looking at the 9.1.1 part (http://oauth.net/core/1.0a#anchor13) about collecting the consumer's parameters, the parameters must be collected from various places. So it seems that the consumer can mix the places. So I have 2 questions: 1. Can the consumer send oauth parameters from various places (I understand oauth parameter as being part of the signature) ? 2. Is the oauth_verifier parameter, sent to the provider when requesting an access token, a parameter part of the signature, or just a request parameter? My understanding is that oauth_verifier is a regular oauth parameter, so it's part of the signature, and that all signature should be included in a single place. He tells me that the library he uses (a .net lib) works well with Twitter and Google amongst others. But it won't work with the one I use (Ruby OAuth + Rails OAuth plugin). Who's right here? Thanks, Florent. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
