Hi Eran, Thanks for your reply. Just in case anyone is still confused, the plaintext signature is: encode(consumer_secret) + '&' + encode (token_secret) (this is the first encoding step and this is what I would call the actual signature). Then the second encoding step is done when actually sending the OAuth parameters i.e. oauth_signature=encode(plaintext_signature).
Cheers, Jason On Jul 19, 4:52 pm, Eran Hammer-Lahav <[email protected]> wrote: > That's a bug in the spec. The second encoding only happens according to the > way the parameters are delivered. The example in the spec is correct. > > EHL > > > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On Behalf > > Of Jason Davies > > Sent: Sunday, July 19, 2009 2:11 AM > > To: OAuth > > Subject: [oauth] Clarification of 9.4.1 - "PLAINTEXT" signature method > > > Hi there, > > > I've been implementing OAuth support for CouchDB [1] using Tim > > Fletcher's erlang-oauth library [2]. However, I noticed a discrepancy > > in his implementation compared to a Java implementation [3] and > > Google's OAuth.js, in that it was URL-encoding the PLAINTEXT signature > > *twice*. Looking at the spec, it does seem a bit ambiguous due to the > > sentence: "The result MUST be encoded again". However, the example in > > appendix A.2 clearly shows the signature only being URL-encoded once. > > > Can someone authoritative clarify this? I'm pretty sure this should > > read, "the result is URL-encoded per Parameter Encoding" or similar to > > make it clear that the plaintext signature should only be URL-encoded > > once. > > > To add to the confusion, I believe the PHP library [4] also encodes > > the PLAINTEXT signature twice, this really should be fixed. This is > > hinted in this thread: > >http://groups.google.com/group/oauth/browse_thread/thread/bd2e6d9feadfd > > ea7/ab5fe9e473124316?lnk=gst&q=plaintext#ab5fe9e473124316 > > > There is also another message on this group about this, but > > unfortunately with no reply: > >http://groups.google.com/group/oauth/browse_thread/thread/59e57bf6966b7 > > a84/e273badfb7f5ab62?lnk=gst&q=plaintext#e273badfb7f5ab62 > > > Thanks for your time, > > > Jason > > > [1]:http://github.com/jasondavies/couchdb/tree/oauth > > [2]:http://github.com/tim/erlang-oauth/tree/master > > [3]:http://oauth.googlecode.com/svn/code/java/core/ > > [4]:http://oauth.googlecode.com/svn/code/php/ > > > -- > >www.jasondavies.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
