On Jun 26, 10:12 am, Kelvin Kao <null7...@gmail.com> wrote:
> Can we assume if there is any oauth_ reserved parameters, the service
> provider has to take in as consideration as base string? thx
>
> Sincerely,
>
> Kelvin Kao
>
Every request has a set of required oauth parameters - you should be
rejecting the request as a provider if the request does not contain
the required params. Again, this varies with the request type (getRT,
getAT, authorizeToken, access resources). The base string should take
into account all the parameters (oauth or not) to construct the
normalized parameter string. I'd recommend you go through signature
section of the Editor's Cut of the spec which goes over the signing
process in great depth.
-cheers,
Manish
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
