I'm just trying to run through some examples to understand how the oauth works, and I'm curious about the secure token handling.
I encode the url that I put into the secureToken and verified that it indeed goes out encoded in the raw request. When I break in shindig BasicSecurityTokenDecoder, however, I see that it has already unencoded the whole st/param for me, and subsequently blows up trying to split on the ":" in the URL. The only solution I came up with was to double encode the URL - which actually seems to work, but seem a bit odd. Have I missed something or is that really the way? Thanks. Gregg
