I have a working OAuth consumer against Google's SP when using HMAC-SHA1, but when I switch to RSA-SHA1, all requests still work until I request access to a protected resource using the access token. It's probably how I'm signing the message with the private key in the x509 certificate. I don't think I'm using the token_secret anywhere here. With HMAC-SHA1, you concatenate the consumer and token secrets together for the key. But what do I do for RSA-SHA1 signing, since the key is just the cert? It seems the token_secret is unused? -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---