Summer has finally arrived which means that there is time over to work with fun stuff at work. During last week and this week I have been poking around with OAuth as authorisation method for Pinetree and other REST based apps under development here, and my initial reaction is that the existing libraries lacks documentation for implementing the 2-legged variant. It seems rather easy but getting the base string right when combining the JavaScript and Java libraries turned out to be less trivial than expected. Besides the wonderful guide at Hueniverse, the implementers’ draft accessible here was really helpful for those 2-legged setups.

*Update* I finally got the signature validation to work after removing all query parameters from the URL (or action) parameter of the message. Quite annoying and frankly I thought that it was taken care of automatically when calling OAuthHelper.getMessage(request), and the invalid_signature feedback was all but verbose when debugging this..