Can we assume if there is any oauth_ reserved parameters, the service provider has to take in as consideration as base string? thx
Sincerely, Kelvin Kao On Fri, Jun 26, 2009 at 9:31 AM, Eran Hammer-Lahav <[email protected]>wrote: > > When sending requests, your should include it but you don't have to. When > validating requests (on the server) you must include it in the base string > if it was sent, and you must not include it if it was omitted. > > EHL > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On Behalf > > Of Cosimo > > Sent: Friday, June 26, 2009 6:41 AM > > To: OAuth > > Subject: [oauth] Should the signature generation include > > "oauth_version"? > > > > > > I'm almost done implementing an OAuth provider, starting to test some > > real world application. > > Right now I'm using the javascript demo here: > > > > http://oauth.googlecode.com/svn/code/javascript/example/index.html > > > > in particular, the "get request token" part. I see that the provided > > examples work. > > When I try with my own provider, it doesn't work. My provider > > signature verification is based on Net::OAuth. The only difference is > > that I can see between the generated signature and the request one is > > that the base string is missing "oauth_version". > > > > The javascript library in the example does *not* include oauth_version > > in the arguments, and it doesn't include it also in the base string, > > while Net::OAuth does by default, even if the request has no > > oauth_version, because optional. > > > > Reading the OAuth specs, it seems that oauth_version should *not* be > > included if it's not present in the request, but then I wonder why > > others using Net::OAuth don't have this problem. > > > > So, what is the correct behavior here? > > > > -- > > Cosimo > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
