"oauth_signature is set to the concatenated encoded values of the Consumer Secret and Token Secret, separated by a ‘&’ character (ASCII code 38), even if either secret is empty. The result MUST be encoded again."
So that says it all, so to answer your question, it would be (1)& On Aug 10, 4:35 am, Neil Garb <[email protected]> wrote: > I am implementing an oAuth 1.0 server, and I'd like to ask for some > clarification of section 3.4.2 in the spec ('HMAC-SHA1'). > > This section defines the key used in the HMAC-SHA1 calculation as > being a concatenation of > > (1) The client shared secret > (2) "&" > (3) The token shared secret > > In the example given in section 1.2, the first temporary credential > request already has an oauth_signature before it has a request token, > so (3), above, is not available yet. > > What is the correct value for the key, then? Is it (1) + (2), or just > (1)? -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
