Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No, the HMAC-SHA1 signature is the only crypto needed in OAuth 1.


Like literally every programming language should have an implementation of HMAC-SHA1 around and lacking that, at least a SHA1 implementation. It's pretty trivial to build HMAC-<HASHFUNCTION> if you have <HASHFUNCTION> around. A working python implementation is literally 12 lines long.

Now if you don't have a SHA1 implementation in your programming language, that's a different problem.


Huh, strange then, I really didn't find it that hard. Then again, the EC2 docs are pretty good.

Just decided with my boss we're going to roll with a hybrid approach. Spent too much time reading through all these standards and not enough time thinking and coding.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: