-Doug Tangren
http://lessis.me
On Mon, May 16, 2011 at 4:06 AM, Eran Hammer-Lahav wrote:
> The attributes serves both as a flag to indicate that a body hash has been
> included, but also to allow validation of the request (excluding the body)
> before the body is received.
>
>
Makes sense. Thank
, 2011 7:31 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] purpose of client sending bodyhash in mac authorized
requests
I'm implementing a mac authorization module for request handling library [1]
based on the latest mac spec. I ran into a curious implementation detail having
do with the bodyhash
I'm implementing a mac authorization module for request handling library [1]
based on the latest mac spec. I ran into a curious implementation detail
having do with the bodyhash value passed in by the client.
Here [2], it says the server should recalculate the bodyhash if the client
passes one in.