Jordi Fernandez

I agree with your points @gszr , although those are in relation to the headers. The order of the headers is not important because, as you point out, the client...

If you see the example in https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures#section-3.1.3, the headers that will be part of the signature are: `headers="(request-target) (created) host digest content-length"` Those headers can be received in any order,...

@gruceo @gszr let me know if my previous explanation helps clarifies the purpose of this PR.

Thanks for the review and changes @gszr . Regarding oauth2, I think the same fix should be applied there to avoid altering the query params ordering.

Thanks @bungle , that makes sense. Your proposal is a much better solution. Thanks for taking the time!

Hi @bungle , what are the next steps to close this topic?