Hi, I'm trying to create an OAuth 1.0 server using CXF. I have written my own custom OAuthDataProvider implementation, which maintains the client details and token details in memory (hash-table). I also have another Javascript client, which I am using to invoke the REST web-service that is protected via the CXF OAuth filter.
However, even upon providing the correct consumer key and secret, I am always getting a 401 Unauthorized on the client side. I know that the signature is getting generated correctly because I use the same client to invoke a JBoss RESTEasy OAuth server as well with minor changes in the syntax. Below is the Authorization header of the POST request which is sent from the client for obtaining the request token (as per http://cxf.apache.org/docs/jax-rs-oauth.html#JAX-RSOAuth-RequestTokenService): OAuth oauth_callback="oob",oauth_consumer_key="C1",oauth_signature_method="HMAC-SHA1",oauth_version="1.0",oauth_timestamp="1345183118",oauth_nonce="1TtaP6",oauth_signature="5Kpy%2FdJXAhFLFWbXXCI1NPGb2L0%3D" Am I missing something here? Is it that these parameters have to be sent without the quotes or differently? Upon putting debug messages in my OAuthDataProvider, I can see that it is finding the client as it enters the getClient () method which finds the client in the hash-table, but after that the createRequestToken () method is never called and a 401 is thrown. -- View this message in context: http://cxf.547215.n5.nabble.com/OAuth-1-0-in-Apache-CXF-tp5712720.html Sent from the cxf-user mailing list archive at Nabble.com.
