support OAuth 1.0a

[GoogleCodeExporter]

Recently there was a vulnerability found in the OAuth protocol (used to
authenticate with Google for various web services demos). Changes to the
protocol were required to fix this vulnerability. Until Orchard implements
the new protocol, Google will display the warning message: "This website is
registered with Google to make authorization requests, but has not been
configured to send requests securely."

Eventually Google and other OAuth providers will probably stop supporting
the old, insecure protocol. We should update our implementation of the
OAuth client to use the new version of the protocol which fixes the
vulnerability. Since we use a third-party OAuth library, we may need to
wait for a new release of that.

For more details, see this thread:

http://groups.google.com/group/Google-Accounts-API/browse_thread/thread/3415de32
6d394470

Original issue reported on code.google.com by adrianqu...@gmail.com on 9 Jun 2009 at 6:18

[GoogleCodeExporter]

This looks like a higher priority than "low" to me....

Original comment by jthywissen on 4 Feb 2010 at 2:44

[GoogleCodeExporter]

Original comment by jthywissen on 19 Feb 2010 at 7:37

• Added labels: Priority-High
• Removed labels: Priority-Low

[GoogleCodeExporter]

Original comment by jthywissen on 19 Feb 2010 at 7:38

• Added labels: Milestone-1.1

[GoogleCodeExporter]

r1572 updates us to the most recent oauth.jars
Still need to enable the full 3-legged OAuth 1.0a exchange

Original comment by jthywissen on 2 Mar 2010 at 2:36

[GoogleCodeExporter]

Original comment by jthywissen on 3 Mar 2010 at 4:51

• Changed state: Started

[GoogleCodeExporter]

Fixed in r1579

Original comment by jthywissen on 3 Mar 2010 at 4:03

• Changed state: Fixed

[GoogleCodeExporter]

Original comment by jthywissen on 3 Mar 2010 at 5:59

• Changed state: Verified