never mind. it turned out the issue was that OAuthAccessor.tokenSecret was NULL... Java OAuth happily concatenated the access token and NULL to a new string secret which of course didn't match the one on the server...
On Mar 17, 11:34 am, matthias <[email protected]> wrote: > I am running into trouble lately authenticating POST requests to > resources on our web service. I always receive a 401 for such > requests. > > I debugged the entire client/server communication and it seems that > client and server compute different signatures for the exact same > signature base string (using HMAC-SHA1). I did a diff on the SBS > constructed on both the client and the server, and they are identical. > Still, base64(hmac-sha1(sbs)) returns different results on the client > and the server! > > Here is an example SBS of mine: > POST&http%3A%2F%2F10.0.2.2%3A8889%2Fv1%2Fplaces%2F3125%2Freviews&lang > %3Den%26oauth_consumer_key%3D88IRfEDu6A7qEelPP4mRXQ%26oauth_nonce > %3D639362338427%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > %3D1237285006%26oauth_token%3DXXj8vAhYXZRTQ6lA8IPEEA%26oauth_version > %3D1.0 > > Is there an obvious explanation for this, or maybe a less obvious one? > I'm out of ideas here. :-/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
