I am implementing an oAuth 1.0 server, and I'd like to ask for some
clarification of section 3.4.2 in the spec ('HMAC-SHA1').This section defines the key used in the HMAC-SHA1 calculation as being a concatenation of (1) The client shared secret (2) "&" (3) The token shared secret In the example given in section 1.2, the first temporary credential request already has an oauth_signature before it has a request token, so (3), above, is not available yet. What is the correct value for the key, then? Is it (1) + (2), or just (1)? -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
