Plaintext Signature Method
23 views
Skip to first unread message
Andreas Neubert
Oct 14, 2011, 4:29:36 AM10/14/11
to GTM OAuth 1 Discussion
Hi,
the Service I'm trying to connect to is using the Plaintext Signature
Method ... is this method supported by GTM-Oauth? Haven't found a way
to use another signature method than MAC_SHA1?
the Service I'm trying to connect to is using the Plaintext Signature
Method ... is this method supported by GTM-Oauth? Haven't found a way
to use another signature method than MAC_SHA1?
Greg Robbins
Oct 14, 2011, 2:08:24 PM10/14/11
to gtm-...@googlegroups.com
I never envisioned that a serious API provider would use plaintext.
You should be able to add code for it to GTMOAuthAuthentication's signatureForParams:request: method.
Marc Hedlund
Oct 14, 2011, 2:10:24 PM10/14/11
to gtm-...@googlegroups.com
I believe plaintext was added to be useful over SSL (when you want OAuth to handle token flow but not security).
That fits if you believe OAuth signatures are a half-way reimplementation of SSL (and that half-way security is not security).
-M
-M
Greg Robbins
Oct 14, 2011, 2:14:12 PM10/14/11
to gtm-...@googlegroups.com
If requests are sent with SSL, the provider should be using OAuth 2 now.
Marc Hedlund
Oct 14, 2011, 2:14:55 PM10/14/11
to gtm-...@googlegroups.com
I agree.
-M
-M
Reply all
Reply to author
Forward
0 new messages