This is one of the reasons why we simplified signatures in WRAP. Yahoo and other Service Providers have architectures where incoming requests are proxied and forwarded the public facing hostname and even the path that¹s exposed to the consumer can be very different than the origin server ends up servicing the request.
In WRAP, the client just passes the Access Token in the request this is exactly the same model as ³Cookie Auth² for web browsers. Allen On 2/13/10 9:51 AM, "Vinod facebook" <vinod.faceb...@gmail.com> wrote: > I implemented oauth in Java and I faced the same signature invalid issue. I > broke my head for about 2 weeks before I found a solution. Anyways this was > the problem. I was running my app on a box which was sitting behind an apache > webserver machine. So when I send out requests for any end point, the > opensocial container used to sign the requests with my public IP address and > while verifying the response from my end, the IP with which I would be signing > was my local server's which was sitting behind my apache. Hence there was a > mismatch and it used to fire the signature invalid exception everytime. After > finding this out, I fixed the issue by replacing the IP in my oauth message > with that of my public IP before I do a validation. Now it works like a charm. > Hope this -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.