diff options
author | Jonathan Huot <JonathanHuot@users.noreply.github.com> | 2018-10-04 15:57:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-04 15:57:43 +0200 |
commit | acad826027afee4f14f0f9cc9d0d139a2b5960f0 (patch) | |
tree | a4272cd0233a89468d301a87e58ea1fc16856a22 | |
parent | abfa99ff61a9e9a308763284947040ba63e83dfb (diff) | |
parent | b618e0e1aea3b2f11c54b007d092732b817ffa79 (diff) | |
download | oauthlib-acad826027afee4f14f0f9cc9d0d139a2b5960f0.tar.gz |
Merge pull request #583 from ngoue/master
Mention `oauth_body_hash` in OAuth1 client docs
-rw-r--r-- | docs/oauth1/client.rst | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/docs/oauth1/client.rst b/docs/oauth1/client.rst index 741374e..ec6bdd7 100644 --- a/docs/oauth1/client.rst +++ b/docs/oauth1/client.rst @@ -52,15 +52,23 @@ Using the Client **Request body** The OAuth 1 spec only covers signing of x-www-url-formencoded information. - If you are sending some other kind of data in the body (say, multipart file - uploads), these don't count as a body for the purposes of signing. Don't - provide the body to Client.sign() if it isn't x-www-url-formencoded data. For convenience, you can pass body data in one of three ways: * a dictionary * an iterable of 2-tuples * a properly-formatted x-www-url-formencoded string + + If you are sending some other kind of data in the body, an additional + `oauth_body_hash` parameter will be included with the request. This parameter + provides an integrity check on non-formencoded request bodies. + + *IMPORTANT* This extension is forward compatible: Service Providers that + have not implemented this extension can verify requests sent by Consumers + that have implemented this extension. If the Service Provider implements + this specification the integrity of the body is guaranteed. If the + Service Provider does not check body signatures, the remainder of the + request will still validate using the OAuth Core signature algorithm. **RSA Signatures** |