Every authenticated OAuth request using HMAC or RSA must be signed and has its own signature base string.
EHL > -----Original Message----- > From: oauth@googlegroups.com [mailto:oa...@googlegroups.com] On Behalf > Of Simone > Sent: Tuesday, May 12, 2009 12:22 PM > To: OAuth > Subject: [oauth] Re: SignatureBaseString in the 3 requests > > > Hi Eran. > Yes I have already read that page. > But also here there's the example of Signature Base String related to > the final request for access to the protected resource at the end of > OAuth flow, where compare the identity of the resource. > My doubt is: in the OAuth flow the consumer have to compute 3 > different Signature Base String like I have previous write, or there > is only a unique Signature Base String that is create by the consumer > only in the final request? I think that the consumer have to compute 3 > differente SBS, one for each different type of request that it do, > right? And in particular the identity of the resource (for example the > name of a jpeg image) compare only in the last request? > > > On 12 Mag, 20:55, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > > Just go to: > > > > http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html > > > > and try it out. > > > > The example in the spec shows both HMAC-SHA1 and PLAINTEXT (over > HTTPS). PLAINTEXT does not use the signature base string, but if you > use HMAC-SHA1 there instead, you will need it. > > > > EHL > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---