Hi to everybody. I would like to know if I have well understood what the specifications says. I have understood that the SignatureBaseString must be inserted in each request that the Consumer make to the Service Provider. These requests are 3:
1) for a Request Token 2) for an Access Token 3) to access at the protected resources In the specifications there is only an example of the calculation of the SignatureBaseString, related to the third request, in order to access at the protected resources ("Appendix A.5.1. Generating Signature Base String"). Now I write the SignatureBaseString for each request, where I ignore the encoding for greater clarity. I ask you a feedback if I am being wrong. 1) Request for a Request Token SignatureBaseString = GET&http://photos.example.net/ request_token&oauth_consumer_key&oauth_token&oauth_nonce&oauth_timestamp&oauth_signature_method&oauth_version 2) Request for an Access Token SignatureBaseString = GET&http://photos.example.net/ access_token&oauth_consumer_key&oauth_token&oauth_nonce&oauth_timestamp&oauth_signature_method&oauth_version 3) Request for access to the protected resources SignatureBaseString = GET&http://photos.example.net/ photos&file&oauth_consumer_key&oauth_token&oauth_nonce&oauth_timestamp&oauth_signature_method&oauth_version&size is it correct? The differences are in the URL of the Service Provider and in the last request there are also the "file" and the "size" parameters. Obviosly the values of the parameters "oauth_token", "oauth_nonce", "oauth_timestamp" are different in the various requests. After that the consumer compute the SignatureBaseString: - in the case of RSA-SHA1: the consumer signs the SignatureBaseString with his private key and assigns this value at the oauth_signature parameter. - in the case of HMAC-SHA1: the consumer computes HMAC-SHA1 (SignatureBaseString), using the key K=ConsumerSecret&TokenSecret, and assigns this value at the oauth_signature parameter. is it correct? Thanks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---