Tomdroid[0] uses signpost[1] as oauth library. This lib detected our server
as OAuth 1.0 and not 1.0a because callback_confirmed was "TRUE" instead of
"true".
OAuth 1.0 does not have the verifier parameter, so it was ignored and not
sent to our server.
The OAuth RFC 5849 specifies in section 2.1:
oauth_callback_confirmed
MUST be present and set to "true".
TRUE is not true, so we failed to implement the spec correctly.
[0] https://launchpad.net/tomdroid
[1] https://github.com/mttkay/signpost
array(
'oauth_token' => $token->tokenKey,
'oauth_token_secret' => $token->secret,
array(
'oauth_token' => $token->tokenKey,
'oauth_token_secret' => $token->secret,
- 'oauth_callback_confirmed' => 'TRUE'
+ 'oauth_callback_confirmed' => 'true'
)
);
} catch (OAuthException $e) {
)
);
} catch (OAuthException $e) {