Section 7 of http://tools.ietf.org/html/draft-ietf-oauth-v2-15 gives examples of how to access protected resources. All of the examples use GET.
Our protected resources are identified by a query, which might be a few kilobytes. I'm concerned that this may not fit inside the length limitation on GET's for some web servers. Our present implementation does a POST instead. Definition-by-example is easy to understand, but it is not good at unambiguously specifying the boundary of permitted behavior. Was the spec meant to allow using HTTP operations other than GET to access protected resources? _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
