[oauth] Re: C# OAuthBase.cs bug

2009-07-17 Thread jr conlin
You may want to use the OAuthBase.UrlEncode() method for this. I know that C# tends to use lowercase hex for values where OAuth prefers uppercase. This way, you know that the signature value being generated will match. (Yes, I realize that the values are also read opaquely and case doesn't

[oauth] Re: Improved User Experience for Installed Applications using OAuth

2009-05-28 Thread jr conlin
Nathan Beach wrote: Google has enhanced our OAuth approval flow to significantly improve the user experience for installed applications that use OAuth to access our GData APIs. Perhaps I'm missing something, but doesn't this kinda saw one of the legs off of OAuth? This approach basically

[oauth] Re: True OAuth Confessions, or Why My Hand-Rolled Calls All Blew Chunks

2009-04-29 Thread jr conlin
Kent Brewster wrote: I don't think I'm alone in this; there have to be developers out there who have never touched OAuth and are under terrific pressure to get it working right freaking now. For them it's much less important to know how a thing works than it is how to work it. Does that

[oauth] Re: True OAuth Confessions, or Why My Hand-Rolled Calls All Blew Chunks

2009-04-29 Thread JR Conlin
Eran Hammer-Lahav wrote: This is my favorite thread theme to bark at. 3. Libraries are Shit Some are. How about write a new one or fix an existing one? How about just ask the developer for help? People always bring up the idea of a uniform interface across libraries which is a great

[oauth] Re: True OAuth Confessions, or Why My Hand-Rolled Calls All Blew Chunks

2009-04-29 Thread JR Conlin
Message- From: oauth@googlegroups.com [mailto:oa...@googlegroups.com] On Behalf Of JR Conlin Sent: Wednesday, April 29, 2009 8:41 PM To: oauth@googlegroups.com Subject: [oauth] Re: True OAuth Confessions, or Why My Hand-Rolled Calls All Blew Chunks Eran Hammer-Lahav wrote: This is my

[oauth] Re: True OAuth Confessions, or Why My Hand-Rolled Calls All Blew Chunks

2009-04-28 Thread jr conlin
Agreed. Granted, I'm starting to think that there ought to be a specification for how the libraries are put together, but that's probably beside the point. I will note that from the library point of view, you really want to minimize the amount of thought that your end user has to give in

[oauth] Re: OAuth Security Advisory

2009-04-23 Thread JR Conlin
Brian Eaton wrote: There are a few options. 1) Keep using OAuth 1.0. SPs can tell users that they are authorizing an application on their desktop. There is some risk of social engineering as you describe, but hopefully the language on service provider pages mentioning desktop

[oauth] Re: Duplicate Parameters

2009-02-27 Thread JR Conlin
Zhihong wrote: What's OAuth's rule on duplicate parameters? Any parameter can appear in query string, Authorization header or post body. What happens if the same parameter (say oauth_version) appears in more than one place? If I remember correctly, non oauth parameters are sorted by key

[oauth] Re: OAuth FAIL

2009-02-25 Thread JR Conlin
The biggest complaint I hear about is the confusion around consumer key vs. oauth token. For Netflix, the problem is determining who the consumer is, often with the individual creating the third party app to be sold on iPhones inevitably getting it wrong. We use API Key and secret for the

[oauth] Re: OAuth-like user experience examples

2009-02-21 Thread jr conlin
Christian Scholz / Tao Takashi (SL) wrote: So I am wondering in the iPhone case how I can be sure that I am really at yahoo and not somewhere else. I don't see any URL, whether it's SSL or not etc. and even if I would this application could of course fake this as well (which I guess is also

[oauth] Re: OpenID Guides

2009-02-19 Thread jr conlin
I think the #1 thing to keep in mind regarding OAuth is that it's not the sum total of what folks will be doing. We all tend to be a little steeped in things here, but in many respects the OAuth specs are a bit like telling folks interested in building houses how to forge the steel for making

[oauth] OAuth Test Page

2009-02-04 Thread jr conlin
Hi all, My apologies for being a slug and not staying on top of the OAuth Library stuff, but I did want to pass along one tool I just pushed live. http://developer.netflix.com/resources/OAuthTest provides a third party page to prove your OAuth HMAC-SHA1 signature generation, and allows you

[oauth] Re: OAuth Test Page

2009-02-04 Thread jr conlin
secret? seth On Wed, Feb 4, 2009 at 3:29 PM, jr conlin jrcon...@gmail.com wrote: Hi all, My apologies for being a slug and not staying on top of the OAuth Library stuff, but I did want to pass along one tool I just pushed live. http://developer.netflix.com/resources/OAuthTest

[oauth] Re: OAuth Test Page

2009-02-04 Thread jr conlin
being generated regardless of input). seth On Wed, Feb 4, 2009 at 4:10 PM, jr conlin jrcon...@gmail.com wrote: Sure, I'll see what I can do about dumping that. (Possibly as an advanced feature.) The API Key /Shared Secret is something that we use, partly because we discovered a good deal

[oauth] Re: Distinction between Request Token and Access token

2009-01-28 Thread JR Conlin
Jorgito wrote: Hi! I'm new to this group. I am very grateful for the possibility it brings me to ask questions, so thanks in advance ;) Reading the spec of OAuth there's something whose motivation I can't understand. Why distinguishing between a Request Token first, and an Access Token

[oauth] Re: Standardizing the OAuth Client Libraries

2009-01-08 Thread JR Conlin
John Kristian wrote: Take percent encoding for example. Neglecting to percent encode leads to a protocol violation, but when you investigate the root cause you might find that the OAuth library provides a correct encoding algorithm but the application neglected to call it. (Users of the