I am currently working on revising the developer site documentation for the authorisation process. Presumably you were following the documentation here:
As for the problems you were having with OAuth signatures, I believe that is probably a bug on our side in checking the signatures. I had filed bug 1013126 about this, which I will see about making public.
Removing the email address from the sso-finished-so-get-tokens call means you won't hit the bug on this specific API call, but you might hit it in other places (e.g. the REST files API when manipulating files with certain characters in their name). Switching from OAuth HMAC-SHA1 signatures to PLAINTEXT should avoid the problem in all cases. The API calls are made over a secure connection, so it should offer adequate security.
I am currently working on revising the developer site documentation for the authorisation process. Presumably you were following the documentation here:
https:/ /one.ubuntu. com/developer/ account_ admin/issue_ tokens/ cloud
Which fails to mention that the email address is no longer required in that call. The new documentation on this process can be found here:
https:/ /one.ubuntu. com/developer/ account_ admin/auth/ otherplatforms
As for the problems you were having with OAuth signatures, I believe that is probably a bug on our side in checking the signatures. I had filed bug 1013126 about this, which I will see about making public.
Removing the email address from the sso-finished- so-get- tokens call means you won't hit the bug on this specific API call, but you might hit it in other places (e.g. the REST files API when manipulating files with certain characters in their name). Switching from OAuth HMAC-SHA1 signatures to PLAINTEXT should avoid the problem in all cases. The API calls are made over a secure connection, so it should offer adequate security.