Return-Path: Delivered-To: apmail-incubator-amber-dev-archive@minotaur.apache.org Received: (qmail 16664 invoked from network); 9 Jul 2010 10:42:27 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 9 Jul 2010 10:42:27 -0000 Received: (qmail 45278 invoked by uid 500); 9 Jul 2010 10:42:26 -0000 Delivered-To: apmail-incubator-amber-dev-archive@incubator.apache.org Received: (qmail 45249 invoked by uid 500); 9 Jul 2010 10:42:26 -0000 Mailing-List: contact amber-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: amber-dev@incubator.apache.org Delivered-To: mailing list amber-dev@incubator.apache.org Received: (qmail 45241 invoked by uid 99); 9 Jul 2010 10:42:25 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Jul 2010 10:42:25 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of simone.tripodi@gmail.com designates 209.85.215.175 as permitted sender) Received: from [209.85.215.175] (HELO mail-ey0-f175.google.com) (209.85.215.175) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Jul 2010 10:42:19 +0000 Received: by eyf5 with SMTP id 5so286365eyf.6 for ; Fri, 09 Jul 2010 03:41:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=u13IjxCwqaTSMG4STncU50Ua12Qn4H87jxawI3WdU/4=; b=Wn5QOtf2qWm/xM/0OS0pdxynyXPof68r45cIVDgWZceXAgd2sRK+4wsPyN2wusq/LN gxE7RGLzEfcg9xGTufkKPlmvYFbco6ZRhLhNLDUFSGbQhImx3Ie2EDE9KMkm1sm0aybi 6SO4dELpcbBQ3jvZYX0NTHrkXaGGWaltiu2QI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=GHbxDtadSjEhGyAej7Qufk04yNZvjx7fZQyrHnCqCbPyIEwvgUIa6PRBqgjK7VNJ+f MKsG+VajQTCQ6+atTJdFVMIzYB0ZUdzaQsuLfF6Sk26TSV+/fNz3VNh0rvdVJ2Ll76Ju ZMp1Ox4a3vEPYOMIbDJN3imV0Or2HeJGMVTMQ= MIME-Version: 1.0 Received: by 10.213.27.206 with SMTP id j14mr8048339ebc.33.1278672070092; Fri, 09 Jul 2010 03:41:10 -0700 (PDT) Received: by 10.213.113.195 with HTTP; Fri, 9 Jul 2010 03:41:09 -0700 (PDT) In-Reply-To: <4C36FA46.5050107@pidster.com> References: <4C36FA46.5050107@pidster.com> Date: Fri, 9 Jul 2010 12:41:09 +0200 Message-ID: Subject: Re: Question about the token secret? From: Simone Tripodi To: amber-dev@incubator.apache.org, pid@pidster.com Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked by ClamAV on apache.org Agreed, good catch, that means that it has to be added to SignatureMethods methods signature, since in client/server we have totally different statuses. Something cheated me, thanks for the advice :) Simo http://people.apache.org/~simonetripodi/ http://www.99soft.org/ On Fri, Jul 9, 2010 at 12:30 PM, Pid wrote: > On 09/07/2010 11:03, Simone Tripodi wrote: >> The token secret (aka secret credential) is required (empty, if not >> known) to generate signatures (at least to PLAINTEX and HMAC methods), >> so sounds it is currently missing in the SignatureMethod methods >> signatures >> >> OR >> >> has to be added in the OAuthRequest ??? > > Yes - we'll need it somewhere. > > Maybe the request could have an OAuthToken getToken() method and we'll > store the token component(s) separately from the other values? > > In client mode it would be available in the token. > > In server mode we'd have to look it up from the TokenStorage, using the > key supplied in the request and update the token before passing it to > SignatureMethod. > > > p > >> I'd suggest for the second option, WDYT? >> >> Thanks in advance, have a nice day! >> Simo >> >> http://people.apache.org/~simonetripodi/ >> http://www.99soft.org/ > > >