On 09/07/2010 11:41, Simone Tripodi wrote: > Agreed, good catch, > that means that it has to be added to SignatureMethods methods > signature, since in client/server we have totally different statuses. > Something cheated me, thanks for the advice :)
Or leave the signature as is? Add: OAuthRequest.getToken(); and retrieve it from the token, inside SignatureMethod? String calculate(OAuthRequest req); OAuthToken t = req.getToken(); String tokenKey = t.getKey(); String tokenSecret = t.getSecret(); it would just mean the server version has to update the token before passing it to SignatureMethod. I think that's neater. p > Simo > > http://people.apache.org/~simonetripodi/ > http://www.99soft.org/ > > > > On Fri, Jul 9, 2010 at 12:30 PM, Pid <[email protected]> wrote: >> On 09/07/2010 11:03, Simone Tripodi wrote: >>> The token secret (aka secret credential) is required (empty, if not >>> known) to generate signatures (at least to PLAINTEX and HMAC methods), >>> so sounds it is currently missing in the SignatureMethod methods >>> signatures >>> >>> OR >>> >>> has to be added in the OAuthRequest ??? >> >> Yes - we'll need it somewhere. >> >> Maybe the request could have an OAuthToken getToken() method and we'll >> store the token component(s) separately from the other values? >> >> In client mode it would be available in the token. >> >> In server mode we'd have to look it up from the TokenStorage, using the >> key supplied in the request and update the token before passing it to >> SignatureMethod. >> >> >> p >> >>> I'd suggest for the second option, WDYT? >>> >>> Thanks in advance, have a nice day! >>> Simo >>> >>> http://people.apache.org/~simonetripodi/ >>> http://www.99soft.org/ >> >> >>
signature.asc
Description: OpenPGP digital signature
