On Apr 27, 3:11 am, Lee Gibbons <[email protected]> wrote:
> Hi,
>
> I'm implementing encrypted signatures in an app which supports oAuth
> and I have a few Q's that I'm having trouble finding answers to.
>
> The OAuth spec stipulates that for HMAC-SHA1 signatures the key is the
> concatentation of Consumer Secret and Token Secret seperated by &.
>
> Does this mean that for the initial incoming call i.e. requesting
> request token, HMAC-SHA1 cannot be used for signatures because at that
> point the token secret has not been supplied ?
> If so why does the incoming request contain the oauth_signature_method
> parameter, surely it has to be plain text ?
>
> Lee.
Just to add more on what Dossy pointed out, do not forget to keep the
& in there.
-cheers,
Manish
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
