Hi,
I've encountered similar issue when trying to get tokens out of Twitter OAuth. They seem like rejecting my request because of extension parameter "xoauth_app_url". I found this because it did work when trying the same thing without "xoauth_app_url" which I examined using shindig code. On the other hand, looking at OAuth spec, 9.1.1 Normalize Request Parameters http://oauth.net/core/1.0#anchor14 saying that all parameters must be concatenated except for "oauth_signature" to make signature base string which I believe is the problem, if I'm not misunderstanding. Both Twitter and TripIt are using ruby? then I doubt the problem lives in ruby oauth library. This is just my guess though. Eiji, 2009/5/8 Richard Wallace <[email protected]>: > Hey all, > > I'm trying to write a gadget that runs on our Shindig based container > and have run into several hurdles along the way. You can read more > about it on their forums, but the problem I'm having now is that I get > to a point where I have an access token and try and fetch data, and > when I do that Shindig adds the opensocial_* parameters and includes > them when signing the request, which causes TripIt's OAuth provider to > reject the request because it ignores those parameters completely and > doesn't include them when calculating the signature. The details are > on this thread > <http://groups.google.com/group/api_tripit/browse_thread/thread/d41d54935b646438/771f24d3bda32352#771f24d3bda32352>. > > So, what is the solution for this? Is his argument valid? Do I need > to include special handling in my container for TripIt to get it to > work? Is this going to be a common theme when trying to access data > protected by OAuth? It's starting to seem like there is really no > "standards" in how to make OAuth requests or do the dance. Sure there > are the basics, but the service providers are so free to specify > additional parameters that a generic approach like the one taken in > Shindig just can't work. > > Thanks, > Rich >
