OAuth Conundrum

[Tom Hughes]

One of the last issues I resolved with the rails 3 tree was that 
Potlatch was unable to authenticate with OAuth.

The problem eventually turned out to be with the fact that, because of 
flash limiations, Potlatch can't use PUT so has to do a POST with the 
special header set that causes rails to treat it as a PUT instead.

Now Potlatch is signing those requests as PUT requests, but it seems 
that the oauth plugin for rails 3 is validating that as POST requests 
instead and hence the signatures don't match.

I've "fixed" it for now by monkey patching the oauth plugin to make it 
use the faked up rails level request type rather than the real HTTP evel 
request type, but I'm wondering what people think is "correct" here in 
terms of how the request should be signed?

Tom

-- 
Tom Hughes (tom at compton.nu)
http://compton.nu/