OAuth over HTTPS - Do I need to send signature when its a secure channel?


#1

Hello

I’m very noob. I’ve been reading the OAuth RFC and your documentation and I get the feeling that when using SSL I can send the Authorization headers in plaintext without all the encoding and signing, is this right?

Thanks

Luke


#2

I think this is OAuth 2.0, which Twitter were looking at but have gone quiet about since 6 months ago.


#3

Correct, we only support OAuth 1.0A at this time and require the usage of signatures in all contexts.