What version of the Ruby gem and Rails plugin are you using? The current versions do support the full 1.0a flow. If you have an older version there could be problems.
Please see the following article about updating to newer versions. http://stakeventures.com/articles/2009/07/21/major-update-to-ruby-on-rails-oauth-plugin If you are still having problems try asking on the OAuth-Ruby list, someone else might have had and solved the same problem you are experiencing. http://groups.google.com/group/oauth-ruby?hl=en P On Wed, Oct 21, 2009 at 4:31 AM, Florent <[email protected]> wrote: > > Hi everybody, > > I'm in pain figuring out whether the oauth_verifier can be sent back > from the consumer to the provider in the body of a POST request when > other parameters are sent in the authorization header. > > Here is my situation: I provide an API with OAuth, and one of our > users complains he cannot get an access token. Looking at the request, > he sent "usual" signature parameters in the header, and sent the > oauth_verifier in the body. > > * Looking at the spec in the section about sending parameters to the > provider (http://oauth.net/core/1.0a#consumer_req_param), parameters > should be sent in the authorization header (prefered) or in the > request body (second choice) or (... we don't care about this one). > But it is not forbidden to mix the places ! > > * Looking at the 9.1.1 part (http://oauth.net/core/1.0a#anchor13) > about collecting the consumer's parameters, the parameters must be > collected from various places. So it seems that the consumer can mix > the places. > > So I have 2 questions: > 1. Can the consumer send oauth parameters from various places (I > understand oauth parameter as being part of the signature) ? > 2. Is the oauth_verifier parameter, sent to the provider when > requesting an access token, a parameter part of the signature, or just > a request parameter? > > My understanding is that oauth_verifier is a regular oauth parameter, > so it's part of the signature, and that all signature should be > included in a single place. > > He tells me that the library he uses (a .net lib) works well with > Twitter and Google amongst others. But it won't work with the one I > use (Ruby OAuth + Rails OAuth plugin). > > Who's right here? > > Thanks, > Florent. > > > > -- http://agree2.com - Reach Agreement! http://extraeagle.com - Solutions for the electronic Extra Legal world http://stakeventures.com - Bootstrapping blog --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
