When sending requests, you should include it but you don't have to. When 
validating requests (on the server) you must include it in the base string if 
it was sent, and you must not include it if it was omitted.

EHL

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Cosimo
> Sent: Friday, June 26, 2009 6:41 AM
> To: OAuth
> Subject: [oauth] Should the signature generation include
> "oauth_version"?
> 
> 
> I'm almost done implementing an OAuth provider, starting to test some
> real world application.
> Right now I'm using the javascript demo here:
> 
>   http://oauth.googlecode.com/svn/code/javascript/example/index.html
> 
> in particular, the "get request token" part. I see that the provided
> examples work.
> When I try with my own provider, it doesn't work. My provider's
> signature verification is based on Net::OAuth. The only difference
> that I can see between the generated signature and the request one is
> that the base string is missing "oauth_version".
> 
> The javascript library in the example does *not* include oauth_version
> in the arguments, and it doesn't include it in the base string either,
> while Net::OAuth does by default, even if the request has no
> oauth_version, because it is optional.
> 
> Reading the OAuth specs, it seems that oauth_version should *not* be
> included if it's not present in the request, but then I wonder why
> others using Net::OAuth don't have this problem.
> 
> So, what is the correct behavior here?
> 
> --
> Cosimo
> 
> 
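
The rule in the reply above, as an added example that is not part of the original thread and is not code from Net::OAuth or the JavaScript demo library: a verifier that rebuilds the HMAC-SHA1 base string from exactly the parameters it received, next to one that always adds `oauth_version`. The endpoint, key, secret, nonce and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

URL = "https://provider.example/request_token"  # constructed endpoint
SECRET = "constructed-consumer-secret"          # constructed secret

def pct(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Uses exactly the parameters given, minus oauth_signature itself.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def client_request(include_version):
    # Constructed request-token call; the client may omit oauth_version.
    params = {"oauth_consumer_key": "constructed-key", "oauth_nonce": "n0nce",
              "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": "1246023660"}
    if include_version:
        params["oauth_version"] = "1.0"
    params["oauth_signature"] = sign("GET", URL, params, SECRET)
    return params

def verify(received, force_version=False):
    # force_version=True reproduces the mismatch: the verifier adds
    # oauth_version to the base string although the client never sent it.
    params = dict(received)
    if force_version:
        params.setdefault("oauth_version", "1.0")
    expected = sign("GET", URL, params, SECRET)
    return hmac.compare_digest(expected, received.get("oauth_signature", ""))

if __name__ == "__main__":
    for sent in (False, True):
        req = client_request(sent)
        print(sent, verify(req), verify(req, force_version=True))
```

Only the request that omits `oauth_version` fails under the forcing verifier; a request that sends it verifies either way, which is why the mismatch shows up only with clients that leave the parameter out.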
