Thanks, Eran. Then obviously my first three requests are being signed correctly since Google is accepting them (and tampering with the signature causes Google to reject them), but when I actually try to pull the Gmail address book, which works when using HMAC-SHA1, I'm getting a 401 with only this: <HTML>\n<HEAD>\n<TITLE>Unknown authorization header</TITLE>\n</HEAD>\n<BODY BGCOLOR=\"#FFFFFF\" TEXT=\"#000000\">\n<H1>Unknown authorization header</H1>\n<H2>Error 401</H2>\n</BODY>\n</HTML>\n
Here's the authorization header sent with the request: OAuth oauth_token="1%2FqzjEGXkYKijvCjmnZsqdcmATiaQZnWPB51nTvo8n9Sw",oauth_consumer_key=" nerdbank.org ",oauth_nonce="fo6ycTp6",oauth_signature_method="RSA-SHA1",oauth_signature="Ruzx1Ih%2BSi7LO8CGh1MAw9y7eA376tkxw84B00%2FBIR8bX3lzTO9Qcmn3oEcMo%2FVav%2FM70kpSFwRcubTTos84HoFcTfE6tHnnFxMyO5wwQacg8WExV8tY8Nw3AfSXVDqEPlNmiox0vR4BsWcAhPklQsvZ5rhW2lKW%2FAGriw1hW%2Bo%3D",oauth_version="1.0",oauth_timestamp="1239078752" It's the same algorithm I'm using to sign the first three requests. Any ideas? Thanks. -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire On Mon, Apr 6, 2009 at 8:39 PM, Eran Hammer-Lahav <[email protected]>wrote: > Yep, not used. > > > http://oauth.googlecode.com/svn/spec/core/unofficial/1.0ec/drafts/1/spec.html#anchor10 > > EHL > > > > On 4/6/09 8:02 PM, "Andrew Arnott" <[email protected]> wrote: > > I have a working OAuth consumer against Google's SP when using HMAC-SHA1, > but when I switch to RSA-SHA1, all requests still work until I request > access to a protected resource using the access token. It's probably how > I'm signing the message with the private key in the x509 certificate. I > don't think I'm using the token_secret anywhere here. With HMAC-SHA1, you > concatenate the consumer and token secrets together for the key. But what > do I do for RSA-SHA1 signing, since the key is just the cert? It seems the > token_secret is unused? > > -- > Andrew Arnott > "I [may] not agree with what you have to say, but I'll defend to the death > your right to say it." - Voltaire > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
