All Discussions Tagged 'plaintext' - Build2024-03-29T14:03:57Zhttp://build.ning.com/forum/topic/listForTag?tag=plaintext&feed=yes&xn_auth=noIs OAuth authentication ONLY PLAINTEXT?tag:build.ning.com,2012-07-30:6308082:Topic:172692012-07-30T21:30:16.542ZJohn Woodwardhttp://build.ning.com/profile/JohnWoodward
<p>I have been able to get debug version of the software to get the OAuth 1.0a access token and secret for accounts at Twitter, LinkedIn, Tumblr, and Yahoo.</p>
<p>But always get 401 unauthorized on Ning.</p>
<p>I think I've made the mistake of thinking the documentation using "signature_method='PLAINTEXT' " was just for simplicity, clarity and avoidance of signature complications. That the 'HMAC-SHA1' default would be substituted for production work.</p>
<p></p>
<p>'PLAINTEXT' would mean our…</p>
<p>I have been able to get debug version of the software to get the OAuth 1.0a access token and secret for accounts at Twitter, LinkedIn, Tumblr, and Yahoo.</p>
<p>But always get 401 unauthorized on Ning.</p>
<p>I think I've made the mistake of thinking the documentation using "signature_method='PLAINTEXT' " was just for simplicity, clarity and avoidance of signature complications. That the 'HMAC-SHA1' default would be substituted for production work.</p>
<p></p>
<p>'PLAINTEXT' would mean our 3'rd party app has to get, from a form we present to the user, the user's Ning account email address AND Ning account password, does it not?</p>
<p>I thought a major part of OAuth was to avoid the 3'rd party software to ever knowing / having the Ning login credentials (email/password) for the user's Ning account.</p>
<p></p>
<p>Have I got this right?</p>
<p>If so, any prospects for full blown HMAC-SHA1 implementation in the offing?</p>
<p>At the moment, the Ruby OAuth gem I'm using does not offer 'PLAINTEXT' option. What would be recommended?</p>
<p></p>
<p></p>