Is OAuth authentication ONLY PLAINTEXT?

I have been able to get debug version of the software to get the OAuth 1.0a access token and secret for accounts at Twitter, LinkedIn, Tumblr, and Yahoo.

But always get 401 unauthorized on Ning.

I think I've made the mistake of thinking the documentation using "signature_method='PLAINTEXT' " was just for simplicity, clarity and avoidance of signature complications.  That the 'HMAC-SHA1' default would be substituted for production work.

'PLAINTEXT' would mean our 3'rd party app has to get, from a form we present to the user, the user's Ning account email address AND Ning account password, does it not?

I thought a major part of OAuth was to avoid the 3'rd party software to ever knowing / having the Ning login credentials (email/password) for the user's Ning account.

Have I got this right?

If so, any prospects for full blown HMAC-SHA1 implementation in the offing?

At the moment, the Ruby OAuth gem I'm using does not offer 'PLAINTEXT' option.  What would be recommended?

Views: 184

Reply to This

Blog Posts

Getting Started

Posted by Kyle Ford on October 13, 2010 at 8:00am 3 Comments

A Note on API Pricing

Posted by Phil McCluskey on October 1, 2010 at 8:55am 0 Comments

Welcome to Build!

Posted by Kyle Ford on September 30, 2010 at 8:30pm 1 Comment

Ning Status

© 2024   Created by Build Team.   Powered by

Badges  |  Report an Issue  |  Terms of Service