oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simone Tripodi <simone.trip...@gmail.com>
Subject Re: Question about the token secret?
Date Fri, 09 Jul 2010 10:41:09 GMT
Agreed, good catch,
that means that it has to be added to SignatureMethods methods
signature, since in client/server we have totally different statuses.
Something cheated me, thanks for the advice :)
Simo

http://people.apache.org/~simonetripodi/
http://www.99soft.org/



On Fri, Jul 9, 2010 at 12:30 PM, Pid <pid@pidster.com> wrote:
> On 09/07/2010 11:03, Simone Tripodi wrote:
>> The token secret (aka secret credential) is required (empty, if not
>> known) to generate signatures (at least to PLAINTEX and HMAC methods),
>> so sounds it is currently missing in the SignatureMethod methods
>> signatures
>>
>> OR
>>
>> has to be added in the OAuthRequest ???
>
> Yes - we'll need it somewhere.
>
> Maybe the request could have an OAuthToken getToken() method and we'll
> store the token component(s) separately from the other values?
>
> In client mode it would be available in the token.
>
> In server mode we'd have to look it up from the TokenStorage, using the
> key supplied in the request and update the token before passing it to
> SignatureMethod.
>
>
> p
>
>> I'd suggest for the second option, WDYT?
>>
>> Thanks in advance, have a nice day!
>> Simo
>>
>> http://people.apache.org/~simonetripodi/
>> http://www.99soft.org/
>
>
>

Mime
View raw message