Unfortunately, several service providers do not provide this information in their signature_invalid errors. I was thinking it would be adopted by more service providers if it was suggested in the specification.
Example: http://sandbox.orkut.com/social/rest/people/EXAMPLE_GUID/@friends/?oauth_signature_method=HMAC-SHA1&oauth_consumer_key=orkut.com%3A623061448914&oauth_version=1.0&xoauth_requestor_id=EXAMPLE_GUID&format=json&oauth_timestamp=1243361785&oauth_nonce=ldr5D&oauth_signature=DsINInBSHMjOxCwCpyBH1o1Hp1k%3D (Congrats Leah on the 5000th post!) On May 26, 10:55 am, Leah Culver <[email protected]> wrote: > On Tue, May 26, 2009 at 10:52 AM, Chirag <[email protected]> wrote: > > > When consumers encounter the infamous signature_invalid error, it's > > often useful to compare the signature base string[1] generated by the > > service provider with what the consumer generated. > > > When looking at the problem-reporting "extension" [2], the > > signature_invalid section should encourage service providers to > > include the signature base string used to calculate the signature in > > the error response. > > > If the service provider does not provide this information, the > > consumer is often guessing where the issue lives. > > > [1] -http://oauth.net/core/1.0/#anchor14 > > [2] -http://wiki.oauth.net/ProblemReporting > > > Thanks, > > Chirag Shah > > The Python OAuth library already includes the expected base string in the > error response. What API or library are you concerned about? > > Feel free to file tickets against libraries > here:http://code.google.com/p/oauth/issues/list > > Thanks, > Leah --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
