On Jun 26, 6:40 am, Cosimo <[email protected]> wrote:
> I'm almost done implementing an OAuth provider, starting to test some
> real world application.
> Right now I'm using the javascript demo here:
>
> http://oauth.googlecode.com/svn/code/javascript/example/index.html
>
> in particular, the "get request token" part. I see that the provided
> examples work.
> When I try with my own provider, it doesn't work. My provider
> signature verification is based on Net::OAuth. The only difference is
> that I can see between the generated signature and the request one is
> that the base string is missing "oauth_version".
>
> The javascript library in the example does *not* include oauth_version
> in the arguments, and it doesn't include it also in the base string,
> while Net::OAuth does by default, even if the request has no
> oauth_version, because optional.
>
> Reading the OAuth specs, it seems that oauth_version should *not* be
> included if it's not present in the request, but then I wonder why
> others using Net::OAuth don't have this problem.
>
> So, what is the correct behavior here?
>
> --
> Cosimo
The only 2 params I am aware of that need to be excluded are the realm
(if present, and it is not technically an oauth parameter anyway) and
the oauth_signature. The version is an optional param and if present,
I'd think you have to include it to calculate the signature.
-cheers,
Manish
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
