A lot of people have found my presentation on OAuth useful when trying
to learn the ins and outs of the entire request cycle with an OAuth-
protected API: http://bit.ly/oauth-zero-to-hero
When accessing a protected resource with OAuth, the oauth_token and
oauth_token_secret you receive become your "access token". You include
oauth_token as an OAuth parameter in your signature base string and
authorization header, and then sign your entire OAuth request with a
composite signing secret:
{url_escaped(consumer_secret)}&{url_escaped(oauth_token_secret)}
Taylor
On Mar 6, 2:55 pm, IDOLpeeps <i...@idolpeeps.com> wrote:
> I've overcome the nuances of generating the oauth signature. It
> shocks me that the API documentation provides no clear indication of
> how to send the tokens along with an API call. It's not even a PHP-
> specific question. Simply put: Where do the "oauth_token" and
> "oauth_token_secret" get embedded in API call: As posted parameters?
> If so, with what parameter names? Can anybody provide guidance? I
> have seen many people ask this question, yet see no answer.
>
> As far as why one would want to use their own library vs. somebody
> else's, that's a question for the ages. One specific answer is that
> many of us have created our own application-specific libraries that
> accommodate traditional http authentication and we'd like to keep our
> libraries when we add Oauth. To do so, it's best to have an answer to
> this question.
>
> Thank you.
