Hi Dirk:
Good catch, thanks. I've checked-in a fix to the trunk.
Paul
On Mon, 2009-08-24 at 15:50 -0500, DirkM wrote:
> I believe there's a bug in the implementation of HMAC_SHA1 in the Jersey
> oauth-signature library.
> According to the spec, the consumer and token secrets should be percent
> encoded before being concatenated together:
> http://oauth.net/core/1.0a#anchor15
>
> The code doesn't do this, so any secret with an unusual character in it (or
> a space) will fail authentication.
> Dirk