author Jordan <ngoue@users.noreply.github.com> 2018-08-30 10:03:56 -0600
committer GitHub <noreply@github.com> 2018-08-30 10:03:56 -0600
commit a839bc209c28721ff10bc3b55e065ab7e0a84931 (patch)
tree 2d7660a0e367a7576b1a891c14ec79975061ac78
parent f3d3eb9efd81459be48b052e172ffa5f76a7a445 (diff)
download oauthlib-a839bc209c28721ff10bc3b55e065ab7e0a84931.tar.gz
Mention `oauth_body_hash` in OAuth1 client docs
While the previous documentation was not wrong in that non-formencoded data are not included in the signature for traditional OAuth1 service providers, the library does still include an `oauth_body_hash` for non-formencoded data. Update the documentation to include mention of the `oauth_body_hash` with a notice that validation of said parameter may not be supported by all service providers, but will nevertheless provide an additional integrity check for those that do support it.
-rw-r--r-- docs/oauth1/client.rst 14
1 files changed, 11 insertions, 3 deletions
diff --git a/docs/oauth1/client.rst b/docs/oauth1/client.rst
index 741374e..ec6bdd7 100644
--- a/docs/oauth1/client.rst
+++ b/docs/oauth1/client.rst
@@ -52,15 +52,23 @@ Using the Client
**Request body**
The OAuth 1 spec only covers signing of x-www-url-formencoded information.
- If you are sending some other kind of data in the body (say, multipart file
- uploads), these don't count as a body for the purposes of signing. Don't
- provide the body to Client.sign() if it isn't x-www-url-formencoded data.
For convenience, you can pass body data in one of three ways:
* a dictionary
* an iterable of 2-tuples
* a properly-formatted x-www-url-formencoded string
+
+ If you are sending some other kind of data in the body, an additional
+ `oauth_body_hash` parameter will be included with the request. This parameter
+ provides an integrity check on non-formencoded request bodies.
+
+ *IMPORTANT* This extension is forward compatible: Service Providers that
+ have not implemented this extension can verify requests sent by Consumers
+ that have implemented this extension. If the Service Provider implements
+ this specification the integrity of the body is guaranteed. If the
+ Service Provider does not check body signatures, the remainder of the
+ request will still validate using the OAuth Core signature algorithm.
**RSA Signatures**
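Review bot: The added paragraph starting "If you are sending some other kind of data in the body" never says whether the caller should now pass that body to Client.sign(), while the removed lines said explicitly not to ("Don't provide the body to Client.sign() if it isn't x-www-url-formencoded data"). As written, a reader cannot tell what they must do for the oauth_body_hash parameter to be computed, so add one sentence stating the call pattern that replaces the removed instruction. The *IMPORTANT* paragraph refers to "this extension" and "this specification" without naming or linking it, and "the integrity of the body is guaranteed" reads stronger than the commit message, which says validation may not be supported by all service providers; name the extension and word the guarantee as applying only when the provider verifies the hash. Since this is an .rst file, the single backticks around oauth_body_hash are default-role interpreted text rather than an inline literal; use ``oauth_body_hash``, and consider an ``.. important::`` directive in place of the *IMPORTANT* emphasis.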