Hello!
To answer your question ... the OAuth Temporary Credentials, which means the
Request Token and Secret, are usually randomly generated by the Server in
the same way like the Token Credentials (Access Token and Secret) and sent
to the client.
The Client needs the oauth_token_secret only once: for the request in which
the Request Token is exchanged for an Access Token.

For the requests between Client and Server, the signature is generated as
follows:
1) Request for Temporary Credentials - signed with Client Credentials only.
2) Request for Token Credentials - signed with Temporary Credentials (this
is what you need the oauth_token_secret for).
3) Request for Resources - signed with Token Credentials.

Hope I could help.
Regards,
 Lukas Rosenstock

2010/7/28 KeefTM <kee...@gmail.com>

> So I am currently writing a SP, and I have a few questions. First, I
> am following the specs here: http://tools.ietf.org/html/rfc5849 Those
> are the correct specs to follow, right? Second, it seems that for the
> Temporary Credential Request, oauth_token and oauth_token_secret are
> randomly generated. Is this the case? If so then what does the Client
> do with the oauth_token_secret? Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "OAuth" group.
> To post to this group, send email to oa...@googlegroups.com.
> To unsubscribe from this group, send email to
> oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>.
> For more options, visit this group at
> http://groups.google.com/group/oauth?hl=en.
>
>


-- 
http://lukasrosenstock.net/

-- 
You received this message because you are subscribed to the Google Groups 
"OAuth" group.
To post to this group, send email to oa...@googlegroups.com.
To unsubscribe from this group, send email to 
oauth+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/oauth?hl=en.

Reply via email to