Hi kthrtty,
You shouldn't put non-protocol parameters in OAuth Authorization header.
I had met a problem between our OAuth server and shindig (open-source
OpenSocial container) before, because of this OAuth spec ambiguity.
At that time, shindig had been using the header to send OpenSocial
Dear experts.
I read the two specifications(community/ietf hammer draft), and
confused to
interprete those specs about regulation of additional parameters.
*This mail is reposted.*
(It was posted to IETF OAUTH-WG, but it seems not to be suit for the
ML's purpose.)
- Community