[oauth] Re: OAuth FAIL

2009-02-25 Thread Andrew Arnott
Cool. You may recall these previous discussions on this list of questions of mine that stemmed from reading of the spec: Lexicographical ordering of parameters

[oauth] Re: OAuth FAIL

2009-02-25 Thread Seth Fitzsimmons
My quick list:

* terminology - 'request a request token'
* Handling of "required" empty parameters.
* plaintext secret w/ empty access token (&, not )
* realm handling
* clearer explanation of creating the signature base string (in my experience, this is the source of most problems)
* explicit de

[oauth] Re: OAuth FAIL

2009-02-25 Thread JR Conlin
The biggest complaint I hear about is the confusion around "consumer key" vs. "oauth token". For Netflix, the problem is determining who the consumer is, often with the individual creating the third party app to be sold on iPhones inevitably getting it wrong. We use API Key and secret for the

[oauth] Re: OAuth FAIL

2009-02-25 Thread anders conbere
On Wed, Feb 25, 2009 at 1:58 PM, Seth Fitzsimmons wrote:
>
> My quick list:
>
> * terminology - 'request a request token'

I would prefer something like "intermediate token" (what does request token mean?!)

> * Handling of "required" empty parameters.
> * plaintext secret w/ empty access token (