Hi there,

I've been implementing OAuth support for CouchDB [1] using Tim
Fletcher's erlang-oauth library [2].  However, I noticed a discrepancy
in his implementation compared to a Java implementation [3] and
Google's OAuth.js, in that it was URL-encoding the PLAINTEXT signature
*twice*.  Looking at the spec, it does seem a bit ambiguous due to the
sentence: "The result MUST be encoded again".  However, the example in
appendix A.2 clearly shows the signature only being URL-encoded once.

Can someone authoritative clarify this?  I'm pretty sure this should
read, "the result is URL-encoded per Parameter Encoding" or similar to
make it clear that the plaintext signature should only be URL-encoded
once.

To add to the confusion, I believe the PHP library [4] also encodes
the PLAINTEXT signature twice; this really should be fixed.  This is
hinted in this thread:
http://groups.google.com/group/oauth/browse_thread/thread/bd2e6d9feadfdea7/ab5fe9e473124316?lnk=gst&q=plaintext#ab5fe9e473124316

There is also another message on this group about this, but
unfortunately with no reply:
http://groups.google.com/group/oauth/browse_thread/thread/59e57bf6966b7a84/e273badfb7f5ab62?lnk=gst&q=plaintext#e273badfb7f5ab62

Thanks for your time,

Jason

[1]: http://github.com/jasondavies/couchdb/tree/oauth
[2]: http://github.com/tim/erlang-oauth/tree/master
[3]: http://oauth.googlecode.com/svn/code/java/core/
[4]: http://oauth.googlecode.com/svn/code/php/

--
www.jasondavies.com
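
The single versus double encoding discussed in this message, as an added example that is not part of the original post or of any library it mentions. It assumes the single-encoding reading the message attributes to appendix A.2; the function names and secrets are constructed for illustration.

```javascript
// Added example: function names and sample secrets are constructed.

// OAuth "Parameter Encoding": only RFC 3986 unreserved characters
// (A-Z a-z 0-9 - . _ ~) stay literal; hex digits are upper case.
function percentEncode(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// PLAINTEXT signature value: each secret encoded, joined by "&".
// The "&" is present even when the token secret is empty.
function plaintextSignature(consumerSecret, tokenSecret = '') {
  return percentEncode(consumerSecret) + '&' + percentEncode(tokenSecret);
}

// Value sent as oauth_signature=...: the signature encoded ONCE,
// like any other request parameter (the reading assumed here).
function wireSignature(consumerSecret, tokenSecret = '') {
  return percentEncode(plaintextSignature(consumerSecret, tokenSecret));
}

// Compare without exiting at the first differing character.
// charCodeAt past the end yields NaN, which the bitwise ops treat as 0.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

// Provider-side diagnostic: classify the raw (still encoded) value of
// oauth_signature so a double-encoding client is reported as such
// rather than as a generic bad signature.
function classifyWireSignature(raw, consumerSecret, tokenSecret = '') {
  const expected = plaintextSignature(consumerSecret, tokenSecret);
  const decode = s => {
    try { return decodeURIComponent(s); } catch (e) { return null; }
  };
  const once = decode(raw);
  if (once === null) return 'malformed';
  if (constantTimeEqual(once, expected)) return 'ok';
  const twice = decode(once);
  if (twice !== null && constantTimeEqual(twice, expected)) return 'double-encoded';
  return 'mismatch';
}
```

With an alphanumeric consumer secret and an empty token secret, the single-encoded wire value ends in `%26`, while a double-encoding client sends `%2526`.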
