This occurred to me after I sent that previous email -- and, just as you describe, this makes a lot of sense. I'm basically attempting a replay attack on myself... And it also makes sense that the request sent without the "code" query parameter goes through the authorization step. I need to figure out how to send the OAuth token with each request to the protected resource.

--------------------------
John Wismar
Alldata Technology
916-478-3296

> -----Original Message-----
> From: Martin Svensson [mailto:[email protected]]
> Sent: Wednesday, July 20, 2011 6:08 PM
> To: [email protected]
> Subject: RE: OAuth extension in Incubator
>
> This is actually expected behavior. If you access the resource again but
> remove the code, you will be able to access it; the problem is that it tries
> to generate a token from an old code. We are working on removing the code
> once the authorization is complete, but that requires an additional redirect.
> Another thing you also might want to consider is to save your token so it is
> not regenerated in every request. If you like I can provide some useful code
> for this.
>
> cheers,
>
> martin
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2799070

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2800131
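
The behavior discussed in this thread, as an added example that is not part of either message and is not Restlet code: an authorization code is redeemable once, so re-requesting a URL that still carries the old `code` fails unless the token from the first exchange was saved. It uses plain Java only; `AuthServer`, `handle`, the session map and the user name are hypothetical stand-ins.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

public class CodeReplayDemo {
    /** Stand-in authorization server (hypothetical): each code is redeemable once. */
    static class AuthServer {
        private final Map<String, String> pendingCodes = new HashMap<>(); // code -> user
        private final Map<String, String> tokens = new HashMap<>();       // token -> user

        String issueCode(String user) {
            String code = UUID.randomUUID().toString();
            pendingCodes.put(code, user);
            return code;
        }

        String exchange(String code) {
            String user = pendingCodes.remove(code); // single use: gone after first redemption
            if (user == null) {
                throw new IllegalStateException("invalid_grant: code unknown or already used");
            }
            String token = UUID.randomUUID().toString();
            tokens.put(token, user);
            return token;
        }

        boolean isValid(String token) { return tokens.containsKey(token); }
    }

    /** Client-side handler (hypothetical) that keeps the token in the user's session. */
    static String handle(AuthServer as, Map<String, String> session, String codeParam) {
        String token = session.get("access_token");
        if (token != null && as.isValid(token)) return "200 OK (stored token, code ignored)";
        if (codeParam == null) return "302 redirect to authorization endpoint";
        session.put("access_token", as.exchange(codeParam)); // redeem once, then reuse
        return "200 OK (code exchanged, token stored)";
    }

    public static void main(String[] args) {
        AuthServer as = new AuthServer();
        // No stored token: the second exchange of the same code is rejected.
        String code = as.issueCode("alice"); // constructed sample user
        as.exchange(code);
        try { as.exchange(code); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
        // Stored token: repeating the request with the stale code is harmless.
        Map<String, String> session = new HashMap<>();
        String code2 = as.issueCode("alice");
        System.out.println(handle(as, session, code2));
        System.out.println(handle(as, session, code2));
    }
}
```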

