I have a spring social enabled app which I built using spring-social-samples as a reference. I successfully integrated facebook and Twitter but I am having trouble integrated with Sparklr(code) (https://github.com/SpringSource/spring-security-oauth/tree/master/samples/oauth/sparklr) and I am getting the following error.

[DEBUG] ProtectedResourceProcessingFilter - org.springframework.security.oauth.provider.Invali dOAuthParametersException: Missing signature method.

Here is the (code) (https://github.com/SpringSource/spring-security-oauth/blob/master/spring-security-oauth/src/main/java/org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.java#L315) which is throwing this error.

Spring-security-oauth comes with Sparklr(Service provider) and Tonr(Consumer). Everything works as expected when I try to authorize Tonr user against Sparklr. It fails when I try to authorize my app user against Sparklr.

Question really is, how is method signature sent? Is this some kind of configuration error in my app?

Thank you.

This is really more of a Spring Security OAuth question. Moving this thread to that forum.

I don't know much about OAuth 1.0 really, but from the spec it looks like oauth_signature_method is a mandatory parameter. Are you sending it? You should be able to tell by looking at the request in a debug tool (e.g. TCP monitor proxy). If you aren't sending it then there must be a problem at the client end. If you are sending it and it isn't being found on the server then it could be a problem on the server.

Spring Social is doing the heavy lifting for me as I am using it as a consumer. Spring social takes care of constructing the required request headers before sending a request. I am debugging it but not sure if I misconfigured something in Spring-Social. I will check the headers and will post my findings.

One difference that I see between working and non working case is, with spring social oauth_callback and consumer_key are sent as part of request for confirm_access where as with spring-security-consumer(tonr) only the oauth_token is sent.

Spring-social is sending
Location: http://localhost:8888/sparklr/oauth/confirm_access?oauth_token=d5d77f82-e998-490a-9d32-1feae874c5a7&oauth_callback=http%3A%2F%2Flocalhost%3A8080%2Fspr ing-social-showcase%2Fconnect%2Fssr&oauth_consumer_key=ssr-consumer-key

Tonr is sending
http://localhost:9090/sparklr/oauth/confirm_access?oauth_token=4f0311dc-f71e-4b04-9a7e-4a8f7dc9b8a1

Does it ring any bells?