On May 26, 11:26 am, Leah Culver <leah.cul...@gmail.com> wrote:
> Hmm... that might be best to report directly to Orkut or the Orkut API
> folks.
>
> Sorry I can't be more helpful,
> Leah
>
> On Tue, May 26, 2009 at 11:24 AM, Chirag Shah <chiragsh...@gmail.com> wrote:
>
> > Unfortunately, several service providers do not provide this
> > information in their signature_invalid errors. I was thinking it would
> > be adopted by more service providers if it was suggested in the
> > specification.
>
> > Example:
>
> >http://sandbox.orkut.com/social/rest/people/EXAMPLE_GUID/@friends/?oa...
>
> > (Congrats Leah on the 5000th post!)
>
> > On May 26, 10:55 am, Leah Culver <leah.cul...@gmail.com> wrote:
> > > On Tue, May 26, 2009 at 10:52 AM, Chirag <chiragsh...@gmail.com> wrote:
>
> > > > When consumers encounter the infamous signature_invalid error, it's
> > > > often useful to compare the signature base string[1] generated by the
> > > > service provider with what the consumer generated.
>
> > > > When looking at the problem-reporting "extension" [2], the
> > > > signature_invalid section should encourage service providers to
> > > > include the signature base string used to calculate the signature in
> > > > the error response.
>
> > > > If the service provider does not provide this information, the
> > > > consumer is often guessing where the issue lives.
>
> > > > [1] -http://oauth.net/core/1.0/#anchor14
> > > > [2] -http://wiki.oauth.net/ProblemReporting
>
> > > > Thanks,
> > > > Chirag Shah
>
> > > The Python OAuth library already includes the expected base string in the
> > > error response. What API or library are you concerned about?
>
> > > Feel free to file tickets against libraries here:
> >http://code.google.com/p/oauth/issues/list
>
> > > Thanks,
> > > Leah
>
>
Do you folks think it is a good idea to include the base string/
normalized request parameters, etc. in the signature check failure
error message? I am not debating that, but kind of wondering if this
is going to help much, as the problem could be with the (re)encoding/
(re)decoding as well which is hard to decipher from the error message
containing the expected signature components.
May be something like xoauth_debug=true could trigger such a verbose
output, as I totally understand the frustration with failed signature
checks..
-cheers,
Manish
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
