Authenticating a signed OAuth request

[MosheElisha]

Hello,

I have my consumer key and consumer secret.

A third party also has my consumer key and secret.

I am using Signpost (signpost-core-1.2.1.2.jar and signpost-commonshttp4-1.2.1.2.jar) to sign my requests to the third party.

When the third party sends me a request - the request is also signed using my consumer key and secret.

I want to authenticate / validate that the request is signed properly so I will be sure it is the third party that issued the request.

I could find a solution so I wrote a class that validates the signature (attached).

The class works as expected and is suitable for my needs.

However, I was wondering is there a better way to authenticate the request?

Thanks.

[Takahiro Horikawa]

Hi,

Please tell me more details about your purpose?

If you're not OAuth provider and your consumer key/secret are granted by another provider, you should not share these consumer key/secret with the third party because of a security reason.

If you only want to communicate with the third party, you might have some alternatives. please refer to this page. 

http://www.xml.com/pub/a/2003/12/17/dive.html

Regards,

Takahiro HORIKAWA

[MosheElisha]

Hey,

I am not an OAuth provider.

The third party generated a consumer key and secret for me and they instructed me to use them when I send requests to them and in order to verify that the requests I get are from them.

Thanks.