Open rpuch opened 7 years ago
Thanks for your review! I'm currently working on implementing the changes you suggested.
I've made the changes you suggested. Also, openssl_sign error handling is added. Could you please review this change specifically? I'm not very familiar with Openssl extension in PHP.
Hi Matt! Is there anything missing from my side on this pull request?
@themattharris just bumping
RSA-SHA1 is a standard signature method defined by OAuth 1.0a. It is nice to have it implemented.
As for RSA-SHA256, it is non-standard, but now, when SHA1 is compromised in practice, RSA-SHA1 does not seem to provide enough security. Hence RSA-SHA256 may be useful for clients and servers that will to use asymmetric signatures and not suffer from a weak signature algorithm.
HMAC-SHA1 does not seem to be compromised, but HMAC-SHA256 (again, a non-standard signature method) support was added for completeness.