Hi Rodney, It's the service provider that generates the oauth_verfier after authorizing the user. The service provider should be storing this value to compare to later. This means that the authorize_request_token method should not accept the oauth_verifier parameter since the verifier has not been created yet.
See section 6.2.2: http://oauth.net/core/1.0a#auth_step2 Thanks! Leah On Fri, Aug 14, 2009 at 10:48 AM, Rodney Dawes <[email protected]> wrote: > On Wed, 2009-08-12 at 18:35 -0700, Leah Culver wrote: > > Sorry for not getting back to you sooner. The patch you sent was a bit > > overwhelming but had some pretty good stuff in it. > > > > I've added preliminary 1.0a support here: > > http://code.google.com/p/oauth/source/detail?r=1092 > > This is broken. The change only adds the oauth_verifier argument to the > fetch_access_token method of OAuthDataStore. It also must be passed in > to the authorize_request_token method, so that the value can be stored, > and compared to in fetch_access_token, otherwise the argument is > useless, as there's nothing to compare it with. The attached patch > fixes this, and the example server. > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
