Unable to use https for oauth

Unable to use https for oauth

Submitted by jmstaley on Thu, 08/11/2011 - 18:59
Issue ID:3274
Issue Category:security
Component:api
Priority:normal
Status:active
Assigned:Unassigned
Version:0.9

Forgive me if there is an existing issue about this, I searched but didn't find anything.

I've been testing out the api trying to use oauth to authenticate with identi.ca. I registered my "app" with identi.ca and tried to use the Request token URL and Access token URL that are given. These urls are https.

When ever I attempt to use them i receive "invalid signature". Even when explicitly setting the signature method to HMAC_SHA1. If I use http addresses the api works.

I'm using the simplegeo oauth2 python library. This could be a bug with the library but it seems to work fine with twitter.

Updates

#1

Submitted by terminus on Sat, 02/04/2012 - 09:49.

Confirmed here too, using Perl's Net::OAuth.

Login or Register to modify this issue, or to receive updates by email.

You can also subscribe to the RSS feed for updates to this issue.