Fair enough. Upon further investigation, the "nonce" and "timestamp" fields aren't being respected (they're being generated regardless of input).
seth On Wed, Feb 4, 2009 at 4:10 PM, jr conlin <jrcon...@gmail.com> wrote: > > Sure, I'll see what I can do about dumping that. (Possibly as an > "advanced" feature.) > > The API Key /Shared Secret is something that we use, partly because we > discovered a good deal of confusion about what "consumer" meant. (For > that matter, folks didn't understand the difference between "oauth" and > "consumer" either and would frequently swap them.) Since we provide the > key/secret with that term, I stuck with it here. > > Seth Fitzsimmons wrote: >> Hey JR. >> >> This is great. It would be really helpful if you dumped the >> normalized parameter string and the signature base string as well as >> allowing the method to be overridden. I've found that the signature >> base string is usually the piece that doesn't match between >> implementations, so being able to compare them is really valuable. >> >> Is there a reason that you're using the "Api key" / "Shared secret" >> terminology instead of "Consumer key" / "Consumer secret"? >> >> seth >> >> On Wed, Feb 4, 2009 at 3:29 PM, jr conlin <jrcon...@gmail.com> wrote: >> >>> Hi all, >>> >>> My apologies for being a slug and not staying on top of the OAuth >>> Library stuff, but I did want to pass along one tool I just pushed live. >>> >>> http://developer.netflix.com/resources/OAuthTest >>> >>> provides a third party page to prove your OAuth HMAC-SHA1 signature >>> generation, and allows you to set the nonce and timestamp in order to >>> validate that your signature matches the signature I'm generating. >>> >>> Considering the number of times I've been asked in forums about "why is >>> my signature generated by library X being rejected?", I figured it might >>> be helpful to have something like this. >>> >>> Although it's targeted for Netflix, it's obviously not restricted to >>> only Netflix calls. It also doesn't fetch or store tokens or secrets, so >>> you'd have to provide your own. >>> >>> Let me know if you have any questions or comments about this. (I'd love >>> to hear that someone else had already built something like this, but the >>> term.ie form seems to be more targeted toward fetching the request token.) >>> >>> >> >> > >> >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
