Yep, not used. http://oauth.googlecode.com/svn/spec/core/unofficial/1.0ec/drafts/1/spec.html#anchor10
EHL On 4/6/09 8:02 PM, "Andrew Arnott" <[email protected]> wrote: I have a working OAuth consumer against Google's SP when using HMAC-SHA1, but when I switch to RSA-SHA1, all requests still work until I request access to a protected resource using the access token. It's probably how I'm signing the message with the private key in the x509 certificate. I don't think I'm using the token_secret anywhere here. With HMAC-SHA1, you concatenate the consumer and token secrets together for the key. But what do I do for RSA-SHA1 signing, since the key is just the cert? It seems the token_secret is unused? -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
