Agreed, good catch, that means that it has to be added to SignatureMethods methods signature, since in client/server we have totally different statuses. Something cheated me, thanks for the advice :) Simo
http://people.apache.org/~simonetripodi/ http://www.99soft.org/ On Fri, Jul 9, 2010 at 12:30 PM, Pid <[email protected]> wrote: > On 09/07/2010 11:03, Simone Tripodi wrote: >> The token secret (aka secret credential) is required (empty, if not >> known) to generate signatures (at least to PLAINTEX and HMAC methods), >> so sounds it is currently missing in the SignatureMethod methods >> signatures >> >> OR >> >> has to be added in the OAuthRequest ??? > > Yes - we'll need it somewhere. > > Maybe the request could have an OAuthToken getToken() method and we'll > store the token component(s) separately from the other values? > > In client mode it would be available in the token. > > In server mode we'd have to look it up from the TokenStorage, using the > key supplied in the request and update the token before passing it to > SignatureMethod. > > > p > >> I'd suggest for the second option, WDYT? >> >> Thanks in advance, have a nice day! >> Simo >> >> http://people.apache.org/~simonetripodi/ >> http://www.99soft.org/ > > >
