Identi.ca client OAuth authentication
I try to port a Twitter client C++ application to Identi.ca.
So I have an already well working OAuth authentication for Twitter and I thought it couldn't be very complicated to shift this to Identi.ca, but indeed it is. I get several, always mysterious HTTP errors already in the first step, "obtaining the request token", and I have no idea what's wrong.
Generally I miss documentation for this and also informations about the servers. Especially I should know the following things:
1) Is SSL strictly needed or just an option for authentication in Identi.ca?
2) Are HTTP-POST-requests right or are GET-requests expected?
3) Is the PIN based OOB OAuth flow supported?
https://dev.twitter.com/docs/auth/pin-based-authorization
I need this strictly. If this is not supported I can immediately jump to step 4)
4) If I don't get this OAuth thing working at all ... will HTTP basic authentication be supported for future? Should I build my application upon this?
Please, can you help me with this?
---------------------------------------------------
Update 27 Aug 2012:
I made some steps at the weekend. I implemented SSL connections and tested this with Twitter. I optimized the algorithm and found probably a minor bug (I made my code more according to the OAuth specification). I read that the OOB flow is supported by Identi.ca. And I tried GET and POST requests (I found indeed GET requests in an example but POST is much more common). So I answered most of my questions myself.
But after all this I STILL HAVE NO ACCESS. What I get when I ask the Identi.ca server for a request_token is HTTP status 401: "Invalid signature". This is really strange. There are two possible reasons for this:
1) my signature algorithm (HMAC-SHA1) or URL-encoding is different from the expected,
2) the signed data (the so called signature base string) is wrong.
I have absolutely no idea. In both parts of the problem my code corresponds exactly with the OAuth specification. I checked this ten times character for character. And Twitter witnesses I'm right.
So, what's the difference to Twitter's OAuth???? Has nobody ever been on this point?
So I have an already well working OAuth authentication for Twitter and I thought it couldn't be very complicated to shift this to Identi.ca, but indeed it is. I get several, always mysterious HTTP errors already in the first step, "obtaining the request token", and I have no idea what's wrong.
Generally I miss documentation for this and also informations about the servers. Especially I should know the following things:
1) Is SSL strictly needed or just an option for authentication in Identi.ca?
2) Are HTTP-POST-requests right or are GET-requests expected?
3) Is the PIN based OOB OAuth flow supported?
https://dev.twitter.com/docs/auth/pin-based-authorization
I need this strictly. If this is not supported I can immediately jump to step 4)
4) If I don't get this OAuth thing working at all ... will HTTP basic authentication be supported for future? Should I build my application upon this?
Please, can you help me with this?
---------------------------------------------------
Update 27 Aug 2012:
I made some steps at the weekend. I implemented SSL connections and tested this with Twitter. I optimized the algorithm and found probably a minor bug (I made my code more according to the OAuth specification). I read that the OOB flow is supported by Identi.ca. And I tried GET and POST requests (I found indeed GET requests in an example but POST is much more common). So I answered most of my questions myself.
But after all this I STILL HAVE NO ACCESS. What I get when I ask the Identi.ca server for a request_token is HTTP status 401: "Invalid signature". This is really strange. There are two possible reasons for this:
1) my signature algorithm (HMAC-SHA1) or URL-encoding is different from the expected,
2) the signed data (the so called signature base string) is wrong.
I have absolutely no idea. In both parts of the problem my code corresponds exactly with the OAuth specification. I checked this ten times character for character. And Twitter witnesses I'm right.
So, what's the difference to Twitter's OAuth???? Has nobody ever been on this point?
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
