o The HTTP request entity-body, but only if all of the following
conditions are met:
* The entity-body is single-part.
* The entity-body follows the encoding requirements of the
"application/x-www-form-urlencoded" content-type as defined by
[W3C.REC-html40-19980424].
* The HTTP request entity-header includes the "Content-Type"
header field set to "application/x-www-form-urlencoded".
In particular it seems that this library is always including the body regardless of the content-type.
The issue was alluded to in this issue https://github.com/ddo/oauth-1.0a/issues/60 but I don't think any changes were made to the library. The OP there indicates he hacked it to not include the body based on a parameter.
According to the oauth1a standard the body should only be included under certain specific conditions:
https://datatracker.ietf.org/doc/html/rfc5849#section-3.4.1.3
In particular it seems that this library is always including the body regardless of the content-type.
The issue was alluded to in this issue https://github.com/ddo/oauth-1.0a/issues/60 but I don't think any changes were made to the library. The OP there indicates he hacked it to not include the body based on a parameter.