Thanks for the long reply. I am coding a Smalltalk REST client to communicate server 2 server. It is tested against MySàce.com and works fine, using only 2 legged OAuth, so what I am seeing in Orkut is an invalid signature and then I am not sure exactly what are the parameters used to build the base string to later obtain the signature. I lernt the hard way that the xoauth_requestor_id is allways required but have not seen any other source to check against different that the Oauth stanard. Nobody has provided me with a log trace from my requets made to orkut using my consumer key as a base for a search. I believe there could be a few people doing this kind of effort from scratch.
On 6/28/10, p...@google.com <p...@google.com> wrote: > Hi Devendra and Carlos, > > > I think the main confusion here is that the OAuth playground (doc) is > based on 3-legged OAuth, while the orkut REST documentation mainly > describes how gadget servers can talk to the orkut server using > 2-legged OAuth. I think we should be updating the guide to eliminate > any confusion. > > > > Please refer to the OAuth documentation in full here, and then consider > the following: > > > > 1. Yes, HMAC-SHA1 is good. I would use one of the OAuth libraries to > get my OAuth signature (which is really just the encoded version of the > OAuth shared secret that you got after gadget verification). I have no > idea what exact signing technique they use unless I took a look at > their code, but I can tell you that they are expected to follow the > guidelines laid down here. > > > 2. The oauth_token is a term specific to 3-legged OAuth (again, please > follow the OAuth doc above), and that's why you don't find it mentioned > in the guide. > > > 3. The OAuth scope is used simply to limit which services your > application has access to. It's not a website on its own. > > > 4. That point in question is again specific to the gadget server-orkut > server conversation, where "application" is a gadget that you install, > which then authorises the gadget server to be able to pull your profile > data. > > > It seems your purpose would be better solved using the client library, > which is not REST and which uses 3-legged OAuth. I believe at the > moment we have a much fuller support for RPC than for REST. > > > I hope that helps! > Prashant > > -- > You received this message because you are subscribed to the Google Groups > "orkut Developer Forum" group. > To post to this group, send email to opensocial-or...@googlegroups.com. > To unsubscribe from this group, send email to > opensocial-orkut+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/opensocial-orkut?hl=en. > > -- You received this message because you are subscribed to the Google Groups "orkut Developer Forum" group. To post to this group, send email to opensocial-or...@googlegroups.com. To unsubscribe from this group, send email to opensocial-orkut+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/opensocial-orkut?hl=en.