Hey all, I'm trying to write a gadget that runs on our Shindig based container and have run into several hurdles along the way. You can read more about it on their forums, but the problem I'm having now is that I get to a point where I have an access token and try and fetch data, and when I do that Shindig adds the opensocial_* parameters and includes them when signing the request, which causes TripIt's OAuth provider to reject the request because it ignores those parameters completely and doesn't include them when calculating the signature. The details are on this thread <http://groups.google.com/group/api_tripit/browse_thread/thread/d41d54935b646438/771f24d3bda32352#771f24d3bda32352>.
So, what is the solution for this? Is his argument valid? Do I need to include special handling in my container for TripIt to get it to work? Is this going to be a common theme when trying to access data protected by OAuth? It's starting to seem like there is really no "standards" in how to make OAuth requests or do the dance. Sure there are the basics, but the service providers are so free to specify additional parameters that a generic approach like the one taken in Shindig just can't work. Thanks, Rich
