OAuth Google Group

Re: [oauth] Communicating User Denial to Consumer

praveen.alavi...@gmail.com (Praveen Alavilli) — Tue, 15 Dec 2009 16:10:38 UT

Please look in to the Problem Reporting Extension that already defined the
errors for this : [link]

Re: [oauth] Communicating User Denial to Consumer

k42b...@googlemail.com (k42b3) — Tue, 15 Dec 2009 11:03:31 UT

hi Jimmy,

as I understand the specification doesnt specify any parameter for that
so you can use the oauth extension i.e. add the param

x_oauth_error=access+denied

to the callback url.

regards
k42b3

Re: [oauth] Communicating User Denial to Consumer

richard.bar...@gmail.com (Richard Barnes) — Mon, 14 Dec 2009 18:49:47 UT

I would say "absence of verifier", since without that, the 1.0a process
won't complete. But that wouldn't be backward-compatible with 1.0, which
didn't have the verifier.
--Richard

Communicating User Denial to Consumer

jimmy.zimmer...@gmail.com (Jimmy Z) — Fri, 11 Dec 2009 21:17:32 UT

Section 6.2.3 of the 1.0a states the following:

"If the User denies access, the Consumer MAY be notified that the
Request Token has been revoked."
[link]

I cannot find any details in the spec as to HOW the Consumer should be
notified of denial. The parameters provided in Section 6.2.3 are:

Re: [oauth] Re: test OAuth consumer and service provider

k42b...@googlemail.com (k42b3) — Fri, 11 Dec 2009 12:38:44 UT

hi hitoshi uchida,

as I have seen so far at [link]
you can only work with
google APIs that means you cant access external OAuth service providers.
This is because google
uses scopes wich is not part of the OAuth specification (but its a great
idea to narrow down the

Re: Troubles with google OAuth html verification on localhost

andrei.sheve...@googlemail.com (Andrei) — Thu, 10 Dec 2009 14:19:43 UT

Thank you a lot, My localhost was blocked by firewall, and all ports
too.
I try to use public host to get application and private keys.

Re: [oauth] RSA signature sample

fan...@sevengoslings.net (Morten Fangel) — Thu, 10 Dec 2009 02:27:31 UT

I have run the RSA-SHA1 tests as part of the unit test for the php
library.. They do indeed compute correctly to the values listed..

(I only test on the SBS compute up to the signature listed, the tests
doesn't build the SBS for themselves, but the building of SBS is
thoroughly tested elsewhere, so it shouldn't matter)

Re: [oauth] Troubles with google OAuth html verification on localhost

rwi...@gmail.com (Robert Winch) — Wed, 09 Dec 2009 20:30:12 UT

If I understand correctly, you are attempting to register your web
application with Google to create a consumer key and secret? The application
is running on your local machine and so after adding the verification file
to localhost you tell google to verify the file exists. Upon doing so you
get the error you mentioned. The problem is that localhost only resolves to

Troubles with google OAuth html verification on localhost

andrei.sheve...@googlemail.com (Andrei) — Wed, 09 Dec 2009 10:15:11 UT

Hi all,

i have some troubles with creating Application and Secret Keys bei
Google with OAuth. The sample app runs as localhost (IIS or Sambar
server). The google verification file on localhost/googleca... is ok.
But there is an error by verification: The host could not be reached

Why???

RSA signature sample

hubert...@gmail.com (Hubert Le Van Gong) — Wed, 09 Dec 2009 17:23:42 UT

Hi Folks,

Has anyone confirmed the RSA-SHA1 signature example
that is shown on the test case ([link]

I'm getting a different signature (and the use of vacaction.jpg
instead of vacation.jpg as parameter makes me wonder...

Otherwise are there any other RSA-SHA1 test case out there?

Re: Why doesn't the token exchange step require the temp oauth_token and a signature with its secret?

hitoshi.uch...@gmail.com (hitoshi uchida) — Wed, 09 Dec 2009 11:53:31 UT

Concerning oauth spec, there are 2 version v1.0, v1.0a except for IETF
draft.
Because v1.0 has a security weakness related to 'oauth_callback',
v1.0a was published.
Though current Twitter OAuth is based on v1.0,
Google OAuth is based on v1.0a and specific parameters are also
available.
So those 2 version specs make you confused.

Re: Can not get used details using access tokens

hitoshi.uch...@gmail.com (hitoshi uchida) — Wed, 09 Dec 2009 11:40:38 UT

Hi,

Though your code sets a 'scope' parameter to retrieve user's protected
resource,
I think the parameter causes the issue because it isn't necessary in
this step.
The 'scope' parameter is used only for retrieving the unauthorized
request token;
that is, first step of OAuth.
The 'scope' parameter is a google specific parameter,

Re: test OAuth consumer and service provider

hitoshi.uch...@gmail.com (hitoshi uchida) — Wed, 09 Dec 2009 11:08:57 UT

Dear k42b3,

The service is good to debug and understand.
However, I'm afraid, how about using below 'OAuth Playground' ?
[link]

Can not get used details using access tokens

ionut.and...@gmail.com (ionut.andras) — Tue, 08 Dec 2009 09:31:00 UT

Hi all,

I'm quite new to OAuth authentication and I'm trying to make a web
application which allows users to login with their google accounts and
then I need their credentials to fill a profile. My problem is that
after completing the oauth 3 steps: GetRequestToken, AuthorizeToken,
GetAccesstoken, I can not perform the last request to get the user

Why doesn't the token exchange step require the temp oauth_token and a signature with its secret?

ingmar.ru...@gmail.com (KiNgMaR) — Mon, 07 Dec 2009 16:35:35 UT

Hey.

I am referring to section 2.3. "Token Credentials" of the IETF draft
here.

The example is missing the oauth_token entry. I assume this is just a
mistake in the docs, or has other reasons. Is that correct?

To quote:

Alright, so the 2.3 step needs to have oauth_token set to the temp