Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Exclude oauth_* parameters from POST request body #34

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants

nikz commented Mar 20, 2013

...ests.

The OAuth Specification says that requests should include the protocol parameters in EITHER the Authorization: HTTP header OR the request body, and to prefer the Header method. We're already using the header, so we can skip including them in the request body.

The relevant section of the specification is: http://tools.ietf.org/html/rfc5849#section-3.5.

(Hopefully my Objective-C is OK! Corrections welcomed! 😄)

Note that this fixes interaction with some of the more strict APIs, such as that provided by Xero

@nikz nikz Exclude "oauth_*" (aka "protocol parameters") from the body of POST r…
…equests.

The OAuth Specification says that requests should include the protocol parameters in EITHER the Authorization: HTTP header OR the request body, and to prefer the Header method. We're already using the header, so we can skip including them in the request body.

The relevant section of the specification is: http://tools.ietf.org/html/rfc5849#section-3.5.

(Hopefully my Objective-C is OK! Corrections welcomed! 😄)
1adb097
Contributor

mattt commented May 7, 2013

Fixed by #33. Thanks again!

@mattt mattt closed this May 7, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment