• 1.0 About Veriplace
• 2.0 Getting Started
• 3.0 Using the User Discovery API
• 4.0 Using the Get Location API
• 5.0 Using the Past Location API
• 6.0 Using the Verify Permission API
• 7.0 Using the Permission Delete API
• 8.0 Using the Get Permissions API
• 9.0 Using the Invitation API
• 10.0 Using the Polling API
• 11.0 Using the Verify Locatability API
• 12.0 Previous API versions
• Veriplace XML Schema
• Disclaimer
• OAuth Core 1.0 Rev A

OAuth Core 1.0 Rev A

Veriplace - OAuth Core 1.0 Rev A

July 24, 2009

In response to a security advisory for OAuth 1.0, the OAuth community has issued a revised specification: OAuth Core 1.0 Rev A. Veriplace now requires Rev A, and the SDK has been updated to use it for all OAuth transactions.

For reference, the major changes to the specification with this revision are:
 1. When the Consumer Obtains a Request Token (6.1.1), they must provide their oauth_callback.
 2. When the Service Provider Issues an Unauthorized Request Token (6.1.2), they must return the parameter oauth_callback_confirmed=true to indicate that the callback was accepted and that Rev A is supported.
 3. When the Consumer Directs the User to the Service Provider (6.2.1), they must no longer provide their oauth_callback.
 4. When the Service Provider directs the User Back to the Consumer (6.2.3), an oauth_verifier parameter must be provided.
 5. When the Consumer Request an Access Token (6.3.1), the same oauth_verifier parameter must be submitted.