16 thoughts on “Authentication

  1. thanks for taking the time to write this article. i had to read some of twiters oauth stuff to get to a point where i understood this article, but that just shows how concise it was. thank you.

  2. fantastic – I appreciated that you took the time to explain concepts like hashing and utf-8 encoding along the way. Excellent article!

  3. Is the base string correct?

    The & after the method is not URL encoded yet the rest of the string is????

  4. “OAuth does not allow any other parameter to use the ‘oauth_’ prefix.” – this contradicts the last bullet of Appendix A of the RFC, I believe.

    Thanks for this great resource!

  5. “The Signature Base String includes the request absolute URL, tying the signature to a specific endpoint. The URL used in the Signature Base String MUST include the scheme, authority, and path, and MUST exclude the query and fragment as defined by [RFC3986] section 3.”

    But on this page if one adds a query string in the Request Path the parameters are not excluded.

Comments are closed.