Yep! The original post was looking for the problem-reporting "extension" [2] to be updated and have the signature_invalid section encourage service providers to include the signature base string used to calculate the signature in the error response.
Orkut's signature_invalid error was an example, several other service providers have the same issue. On May 27, 12:59 am, Manish Pandit <[email protected]> wrote: > On May 26, 11:26 am, Leah Culver <[email protected]> wrote: > > > > > Hmm... that might be best to report directly to Orkut or the Orkut API > > folks. > > > Sorry I can't be more helpful, > > Leah > > > On Tue, May 26, 2009 at 11:24 AM, Chirag Shah <[email protected]> wrote: > > > > Unfortunately, several service providers do not provide this > > > information in their signature_invalid errors. I was thinking it would > > > be adopted by more service providers if it was suggested in the > > > specification. > > > > Example: > > > >http://sandbox.orkut.com/social/rest/people/EXAMPLE_GUID/@friends/?oa... > > > > (Congrats Leah on the 5000th post!) > > > > On May 26, 10:55 am, Leah Culver <[email protected]> wrote: > > > > On Tue, May 26, 2009 at 10:52 AM, Chirag <[email protected]> wrote: > > > > > > When consumers encounter the infamous signature_invalid error, it's > > > > > often useful to compare the signature base string[1] generated by the > > > > > service provider with what the consumer generated. > > > > > > When looking at the problem-reporting "extension" [2], the > > > > > signature_invalid section should encourage service providers to > > > > > include the signature base string used to calculate the signature in > > > > > the error response. > > > > > > If the service provider does not provide this information, the > > > > > consumer is often guessing where the issue lives. > > > > > > [1] -http://oauth.net/core/1.0/#anchor14 > > > > > [2] -http://wiki.oauth.net/ProblemReporting > > > > > > Thanks, > > > > > Chirag Shah > > > > > The Python OAuth library already includes the expected base string in > > > > the > > > > error response. What API or library are you concerned about? > > > > > Feel free to file tickets against libraries here: > > >http://code.google.com/p/oauth/issues/list > > > > > Thanks, > > > > Leah > > Do you folks think it is a good idea to include the base string/ > normalized request parameters, etc. in the signature check failure > error message? I am not debating that, but kind of wondering if this > is going to help much, as the problem could be with the (re)encoding/ > (re)decoding as well which is hard to decipher from the error message > containing the expected signature components. > > May be something like xoauth_debug=true could trigger such a verbose > output, as I totally understand the frustration with failed signature > checks.. > > -cheers, > Manish --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
