RFC Errata
RFC 5849, "The OAuth 1.0 Protocol", April 2010
Note: This RFC has been obsoleted by RFC 6749
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 2549
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Alasdair McIntyre
Date Reported: 2010-10-12
Rejected by: Peter Saint-Andre
Date Rejected: 2010-11-18
Section 3.4.1.3.1. says:
For example, the HTTP request: POST /request?b5=%3D%253D&a3=a&c%40=&a2=r%20b HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm="Example", oauth_consumer_key="9djdj82h48djs9d2", oauth_token="kkk9d7dh3k39sjv7", oauth_signature_method="HMAC-SHA1", oauth_timestamp="137131201", oauth_nonce="7d8f3e4a", oauth_signature="djosJKDKJSD8743243%2Fjdk33klY%3D" c2&a3=2+q contains the following (fully decoded) parameters used in the signature base sting:
It should say:
For example, the HTTP request: POST /request?b5=%3D%253D&a3=a&c%40=&a2=r%20b HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded Authorization: OAuth realm="Example", oauth_consumer_key="9djdj82h48djs9d2", oauth_token="kkk9d7dh3k39sjv7", oauth_signature_method="HMAC-SHA1", oauth_timestamp="137131201", oauth_nonce="7d8f3e4a", oauth_signature="bYT5CMsGcbgUdFHObYMEfcx6bsw%3D" c2&a3=2+q contains the following (fully decoded) parameters used in the signature base sting:
Notes:
It looks like "GET" was updated to "POST" in a previous revision, but the oauth_signature was not updated at the same time. All other instances of this change from GET to POST did have the oauth_signature field correctly updated.
--VERIFIER NOTES--
Peter: This is superseded by erratum #2550.