OAuthAccessor.accessToken should be initialized to null, not "" (to indicate that the consumer has not yet obtained a valid access token).
The example oauth-provider validates requests like this: SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor); It calls SimpleOAuthValidator.validateSignature, which calls OAuthSignatureMethod.validate, which should call HMAC_SHA1.isValid. On Oct 12, 11:31 pm, Anuradha Thota <anuradha.th...@gmail.com> wrote: > Yes I have seen this example. I do not see signature verification > process anywhere.According to http://oauth.net/core/1.0, the Service > Provider verifies the request by generating a new request signature > octet string, and comparing it to the signature provided by the > Consumer. Could you plesae provide help on this? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---