Oh So close! I'm now getting a 422 error, which means the server
understands the media type of the request entity, but was unable to
process the contained instructions, so the request itself is valid.
I'll get in contact with Brightkite and try find out what's wrong and
can hopefully provide
Hi John,
Thank You very much.
Regards,
Razak K
On Jan 26, 1:43 am, John Kristian jmkrist...@gmail.com wrote:
No, OAuth Core doesn't permit the consumer's secret to be used as the
signature, when the signature method is HMAC-SHA1.
A similar example that works
Jorgito wrote:
Hi! I'm new to this group. I am very grateful for the possibility it
brings me to ask questions, so thanks in advance ;)
Reading the spec of OAuth there's something whose motivation I can't
understand. Why distinguishing between a Request Token first, and an
Access Token
Sorry to hear it doesn't work. What happened when you tried it?
I've seen it work in Internet Explorer 7 on Windows. But it won't
work if you simply load
http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
, because the browser won't permit sending requests to other servers
(for
Yep. The entire authentication/authorization discussion is sadly muddled.
The OAuth/OpenID hybrid proposal is adding to the confusion.
Sometimes I feel like we (people who have interest in the two concepts)
maintain there is a difference to justify standards' existence, even if
it's largely an
Hmm. Historically the separation came from the way the communities grew up
actually. There were thoughts initially to make OAuth and extension of
OpenID but because I was wary of the politics within the OpenID community, I
pushed for keeping OAuth completely separate and avoid having to do
Thanks for this history Chris. I remember it still being API
authentication in the first drafts of the OAuth IPR document; because
it was one of my comments on the doc:)
Here is an example usage. Again, this is more about leveraging the OAuth
signature mechanism than trying to represent
Hi Guys,
I am new to oAuth. I got the oauth_token and oauth_token_secret.
After that I tried to do the authorization part with the following
code.
function authoriseToken() {
try {
netscape.security.PrivilegeManager.enablePrivilege
(UniversalBrowserRead);
}
Ah ha. I get it.
That makes sense -- though it does seem like the goal should be to move away
from asking for usernames and passwords.
This, however, speaks to my concept of an account pin, where you could
authorize desktop apps with an easy-to-remember pin that doesn't give you
full account