I try to port a Twitter client C++ application to Identi.ca.
So I have an already well working OAuth authentication for Twitter and I thought it couldn't be very complicated to shift this to Identi.ca, but indeed it is. I get several, always mysterious HTTP errors already in the first step, "obtaining the request token", and I have no idea what's wrong.
Generally I miss documentation for this and also informations about the servers. Especially I should know the following things:
1) Is SSL strictly needed or just an option for authentication in Identi.ca?
2) Are HTTP-POST-requests right or are GET-requests expected?
3) Is the PIN based OOB OAuth flow supported?https://dev.twitter.com/docs/auth/pin-based-authorization
I need this strictly. If this is not supported I can immediately jump to step 4)
4) If I don't get this OAuth thing working at all ... will HTTP basic authentication be supported for future? Should I build my application upon this?
Please, can you help me with this?
Update 27 Aug 2012:
I made some steps at the weekend. I implemented SSL connections and tested this with Twitter. I optimized the algorithm and found probably a minor bug (I made my code more according to the OAuth specification). I read that the OOB flow is supported by Identi.ca. And I tried GET and POST requests (I found indeed GET requests in an example but POST is much more common). So I answered most of my questions myself.
But after all this I STILL HAVE NO ACCESS. What I get when I ask the Identi.ca server for a request_token is HTTP status 401: "Invalid signature". This is really strange. There are two possible reasons for this:
1) my signature algorithm (HMAC-SHA1) or URL-encoding is different from the expected,
2) the signed data (the so called signature base string) is wrong.
I have absolutely no idea. In both parts of the problem my code corresponds exactly with the OAuth specification. I checked this ten times character for character. And Twitter witnesses I'm right.
So, what's the difference to Twitter's OAuth???? Has nobody ever been on this point?