0

I'm using OAuth 1.0 to sign requests i'm sending via http POST.

My question is, does the server that receives the payload generate the signature based on ALL the fields sent in the form, or only ones it cares about?

I'm using a web framework that inserts some extra fields for its own purpose, and i wondered if these could be interfering with the OAuth signature generation process on the server?

horseyguy
  • 29,455
  • 20
  • 103
  • 145

1 Answers1

1

The spec says that all params (post and get) are used in generating the oauth_signature. So, I guess they are interfering with the signature process. But, if they are added and accounted in generating the signature, then it should be OK.

Uzbekjon
  • 11,655
  • 3
  • 37
  • 54
  • Thanks a lot! I verified its interferring indeed. I posted a follow up question here that you might be able to help with? http://stackoverflow.com/questions/43796571/how-to-exclude-commit-field-from-rails-post-payload – horseyguy May 05 '17 at 04:35