by icheishvili 5073 days ago
As the author of several OAuth 1.0 libraries (https://github.com/icheishvili/pyoauth, https://github.com/icheishvili/phoauth), I would like to see a completed spec.

The only real problem with 1.0 is the difficulty of implementing it correctly and later debugging it when things go wrong (aka, the infamous generic "Invalid Signature" errors). In my mind, it would go a long way if generating a signature was based on a random nonce (say 16 bytes) + client id + client secret + access token.
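
The "Invalid Signature" failure mode mentioned in the comment above, as an added example (not code from the commenter's libraries): RFC 5849 HMAC-SHA1 signing, where a single percent-encoding difference between client and server changes the signature and the server can only report a generic mismatch. The URL, secrets, token and nonce are constructed sample values, and the URL is assumed to be already normalized.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, quote_plus

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded.
    return quote(str(value), safe="")

def sloppy(value):
    # Typical client bug: form encoding, which turns a space into "+".
    return quote_plus(str(value))

def base_string(method, url, params, enc=pct):
    # Section 3.4.1: encode names and values, sort, join, then encode again.
    # Assumes url is already the normalized base URI (no query string).
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, client_secret, token_secret, enc=pct):
    # Section 3.4.2: the HMAC key is both secrets, encoded and joined by "&".
    key = f"{pct(client_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, url, params, enc).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def verify(method, url, params, client_secret, token_secret, presented):
    # Server side: recompute and compare in constant time.
    expected = sign(method, url, params, client_secret, token_secret)
    return hmac.compare_digest(expected, presented)

# Constructed sample request; none of these values are real credentials.
URL = "https://api.example.test/1/statuses"
SECRETS = ("sample-client-secret", "sample-token-secret")
PARAMS = {"oauth_consumer_key": "sample-client-id", "oauth_token": "sample-token",
          "oauth_nonce": "constructed-nonce-0001", "oauth_timestamp": "1300000000",
          "oauth_signature_method": "HMAC-SHA1", "status": "hello world/x"}

def demo():
    good = sign("POST", URL, PARAMS, *SECRETS)
    bad = sign("POST", URL, PARAMS, *SECRETS, enc=sloppy)
    return (verify("POST", URL, PARAMS, *SECRETS, good),
            verify("POST", URL, PARAMS, *SECRETS, bad))

if __name__ == "__main__":
    print(demo())
    print(base_string("POST", URL, PARAMS))
    print(base_string("POST", URL, PARAMS, enc=sloppy))
```

Printing both base strings side by side is the practical way to debug such a mismatch, since the signature itself reveals nothing about which byte differed.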