OpenID Auth 2.0 and user-agent neutrality (or, OpenID withREST/SOAP)
Johnny Bufu
johnny at sxip.com
Mon Nov 20 21:46:47 UTC 2006
David,
On 20-Nov-06, at 1:35 PM, Recordon, David wrote:
> We still need to add rules around what to do if both a GET and POST
> parameter with the same name exist.
This seems to be already covered, under the "HTTP Encoding" section:
When a message is sent as a POST, the application processing
the HTTP request MUST only use the values in the POST body
and MUST ignore any GET parameters.
Not sure if it needs to be emphasized.
Johnny
More information about the specs
mailing list