Hello! To answer your question ... the OAuth Temporary Credentials, which means the Request Token and Secret, are usually randomly generated by the Server in the same way like the Token Credentials (Access Token and Secret) and sent to the client. The Client needs the oauth_token_secret only once: for the request in which the Request Token is exchanged for an Access Token.
For the requests between Client and Server, the signature is generated as follows: 1) Request for Temporary Credentials - signed with Client Credentials only. 2) Request for Token Credentials - signed with Temporary Credentials (this is what you need the oauth_token_secret for). 3) Request for Resources - signed with Token Credentials. Hope I could help. Regards, Lukas Rosenstock 2010/7/28 KeefTM <kee...@gmail.com> > So I am currently writing a SP, and I have a few questions. First, I > am following the specs here: http://tools.ietf.org/html/rfc5849 Those > are the correct specs to follow, right? Second, it seems that for the > Temporary Credential Request, oauth_token and oauth_token_secret are > randomly generated. Is this the case? If so then what does the Client > do with the oauth_token_secret? Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to oa...@googlegroups.com. > To unsubscribe from this group, send email to > oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > -- http://lukasrosenstock.net/ -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.