Hi, I'm implementing encrypted signatures in an app which supports OAuth and I have a few Q's that I'm having trouble finding answers to.
The OAuth spec stipulates that for HMAC-SHA1 signatures the key is the concatenation of Consumer Secret and Token Secret separated by &. Does this mean that for the initial incoming call, i.e. requesting the request token, HMAC-SHA1 cannot be used for signatures because at that point the token secret has not been supplied? If so, why does the incoming request contain the oauth_signature_method parameter? Surely it has to be plain text?

Lee.