I am trying to create an OAuth consumer. Instead of testing it against my own (likely incorrectly implemented) oauth service provider, I decided to test it against an established OAuth provider. In this case, twitter.
My HTTP POST using the Authorization header is getting a 401 unauthorized response when attempting to get a request token from http://twitter.com/oauth/request_token. So, instead of doing a POST w/ an Authorization header, I thought I'd just breakpoint my test and grab a generated query string instead, and just drop it into my browsers url. My first question is: will this work (if I sign correctly)? Or is the 1.0a spec specific enough that GETs for request tokens are disallowed? My second question is: are there any web-apps out there that I can provide all the necessary information for generating a request to see if I am signing it correctly? In other words, I provide my public/ secret consumer tokens, signature method, oauth_version, timstamp, etc., and it shows me what the resulting signature *should* be, as well as the string the signature is generated from? I noticed Google's OAuth playground, but it doesn't quite fit the bill since it doesn't let you customize all the input parameters. regards, Matt -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
