Sachim, so you are saying that in the Orkut auth model the
xoauth_requestor_id is allways required and it is being a part of the
signature elements?
Regards, Carlos
On 24 mayo, 13:26, Sachin Shenoy wrote:
> Hi Carlos,
>
> 2-legged oauth does not work like that. Even if you are not using @me and
Hi Carlos,
2-legged oauth does not work like that. Even if you are not using @me and
are specifying the user-id, the authentication layer will fail. This is
because as per the 2-legged oauth scheme xoauth_requestor_id is required and
if not present we will fail.
The sample I sent happened to have
Sachin, I am not sending @me so the Orkut may resolve the ID from the
URI as ID goes between pepollr/ID/@self. Second, your sample bsse
string below shows both oauth_body_hash and xoauth_requestor_id, this
casr is puzzling me
BTW I tested a GET requedt for people/id/@self sending the
xoauth_re
Hi Carlos,
If you are making a 2-legged oauth call, you can optionally avoid
oauth_body_hash. But you have to specify xoauth_requestor_id. That is the
only way we can know who the "viewer" of the request is. I would suggest
avoiding oauth_body_hash (at least for testing) since it is not mandatory.
Hi Carlos,
No, they're both not required and shouldn't be supplied.
~Prashant
On May 23, 2:10 pm, Carlos wrote:
> Hi, I am getting "invalid signature" from my REST calls, so I wanted
> to make sure if the signature is built from the oauth 1.0 parameters
> and
> - oauth_body_hash required or not
5 matches
Mail list logo
