On Fri, Mar 19, 2010 at 10:52 AM, Ethan Jewett <[email protected]> wrote: > If I'm reading correctly, if the gadget chooses to use the container's > private key, then that is making use of the RSA signature mechanism. > If the gadget chooses to use the container's shared secret, then that > is the HMAC-SHA1 signature mechanism.
That's right. > It looks to me like the > PLAINTEXT method is not supported at all based on the wiki though I > don't see a technical reason why it should not be supported. Plaintext doesn't work in this context, because it sends long-lived secrets in clear-text to servers that are under the control of the application author, or, in the case of gadgets, everyone viewing the gadget. Cheers, Brian _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
