oauth_version is also being omitted (which is often defaulted in various libraries), making it a little trickier to compare things.
seth On Wed, Feb 4, 2009 at 4:16 PM, Seth Fitzsimmons <[email protected]> wrote: > Fair enough. > > Upon further investigation, the "nonce" and "timestamp" fields aren't > being respected (they're being generated regardless of input). > > seth > > On Wed, Feb 4, 2009 at 4:10 PM, jr conlin <[email protected]> wrote: >> >> Sure, I'll see what I can do about dumping that. (Possibly as an >> "advanced" feature.) >> >> The API Key /Shared Secret is something that we use, partly because we >> discovered a good deal of confusion about what "consumer" meant. (For >> that matter, folks didn't understand the difference between "oauth" and >> "consumer" either and would frequently swap them.) Since we provide the >> key/secret with that term, I stuck with it here. >> >> Seth Fitzsimmons wrote: >>> Hey JR. >>> >>> This is great. It would be really helpful if you dumped the >>> normalized parameter string and the signature base string as well as >>> allowing the method to be overridden. I've found that the signature >>> base string is usually the piece that doesn't match between >>> implementations, so being able to compare them is really valuable. >>> >>> Is there a reason that you're using the "Api key" / "Shared secret" >>> terminology instead of "Consumer key" / "Consumer secret"? >>> >>> seth >>> >>> On Wed, Feb 4, 2009 at 3:29 PM, jr conlin <[email protected]> wrote: >>> >>>> Hi all, >>>> >>>> My apologies for being a slug and not staying on top of the OAuth >>>> Library stuff, but I did want to pass along one tool I just pushed live. >>>> >>>> http://developer.netflix.com/resources/OAuthTest >>>> >>>> provides a third party page to prove your OAuth HMAC-SHA1 signature >>>> generation, and allows you to set the nonce and timestamp in order to >>>> validate that your signature matches the signature I'm generating. >>>> >>>> Considering the number of times I've been asked in forums about "why is >>>> my signature generated by library X being rejected?", I figured it might >>>> be helpful to have something like this. >>>> >>>> Although it's targeted for Netflix, it's obviously not restricted to >>>> only Netflix calls. It also doesn't fetch or store tokens or secrets, so >>>> you'd have to provide your own. >>>> >>>> Let me know if you have any questions or comments about this. (I'd love >>>> to hear that someone else had already built something like this, but the >>>> term.ie form seems to be more targeted toward fetching the request token.) >>>> >>>> >>> >>> > >>> >>> >> >> >> >> >> > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
