Open GoogleCodeExporter opened 8 years ago
I intended this to be an enhancement, not a bug.
Original comment by justin.t...@gmail.com
on 17 Jun 2009 at 5:28
I'm reluctant to implement behavior that doesn't conform to the OAuth
specification,
which seems pretty clear: xoauth_ parameters should not be send in the
Authorization
header. http://oauth.net/core/1.0/#consumer_req_param
Why do you need this? Is there a service provider that requires it?
Original comment by jmkrist...@gmail.com
on 18 Jun 2009 at 4:54
The spec *prohibits* sending custom parameters with the "oauth_" prefix (section
4.2), but allows SPs to require others. The use of "xoauth" (or "x-oauth") is an
emerging solution, though far from standard or agreed. For me specifically,
some of
Intuit's services require "xoauth_".
The values need to be passed in the Authorization header so they are signed
along
with the other OAuth param values.
As you may be aware, there's also a discussion here:
http://wiki.opensocial.org/index.php?title=Gadgets.io_(v0.9)
http://wiki.oauth.net/Extensions
If you don't think it's right yet to support this in the library, ensuring that
the
appropriate methods in the OAuthMessage class are public or protected will at
least
mean we don't have fork the library source to support this. That'd be a big
help by
itself.
Original comment by justin.t...@gmail.com
on 18 Jun 2009 at 4:06
Original issue reported on code.google.com by
justin.t...@gmail.com
on 17 Jun 2009 at 5:27