1

I am using (OpenId+OAuth) hybrid protocol.

After I redirect user to "https://www.google.com/accounts/o8/ud" with all openid and oauth extension parameters, user is able to see login screen and services I need to access. On successfull login I receive response as following:

http://muUrl.com/...&openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0&openid.ext2.scope=http://docs.google.com/feeds/&openid.ext2.request_token=4/8GCHDIvtxhbg8gVkfYro7QIFakoB

I understand user is properly logged in and text in bold is authorized token. Then I make call for obtaining access token with all parameters except oauth_verifier as that is not available in hybrid mode. I sign base string using HMAC-SHA1 with key as "consumersecret&" (token secret is yet not available)

I get 400 bad request with signature invalid. Any help or suggestion is highly appreciated to resolve this issue.

helloworld
  • 2,179
  • 3
  • 24
  • 39
  • Check your percent escaping. Google tokens have lots of special characters in them and it's easy to forget to escape them correctly. This will make the signatures fail to match. If that doesn't work, you're really going to have to add more information to your question. There's nowhere near enough information here to debug an OAuth issue successfully. – Bob Aman Feb 05 '11 at 06:12
  • thanks... it was encoding issue only. – helloworld Feb 07 '11 at 03:29
  • 1
    but where do you write the encoding? it's Google classes... I get a code like this 'code=4/Ryjbc-ykPJvJhhonyYiN3359rofU.8r0nRibOcg0TOl05ti8ZT3aNCxetdQI' - do you think it should be encoded? – OhadR Nov 06 '12 at 16:31

1 Answers1

1

pls see Bob and my comments. % escaping can be an issue if you are facing same problem as mine. oauth_verifier is indeed not required in hybrid mode.

helloworld
  • 2,179
  • 3
  • 24
  • 39