From 97fa26fce79f98d467edc1997b1a49df162bdb19 Mon Sep 17 00:00:00 2001
From: Pablo Fernandez <fernandezpablo85@gmail.com>
Date: Fri, 22 Jun 2012 13:27:30 -0300
Subject: [PATCH] do not include the token in the signature if it's empty

---
 src/main/java/org/scribe/model/Token.java      | 18 ++++++++++++++++++
 .../org/scribe/oauth/OAuth10aServiceImpl.java  | 12 ++++++++----
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/scribe/model/Token.java b/src/main/java/org/scribe/model/Token.java
index 286fec69d..f8f84cd31 100644
--- a/src/main/java/org/scribe/model/Token.java
+++ b/src/main/java/org/scribe/model/Token.java
@@ -57,4 +57,22 @@ public String toString()
   {
     return String.format("Token[%s , %s]", token, secret);
   }
+
+  /**
+   * Returns true if the token is empty (token = "", secret = "")
+   */
+  public boolean isEmpty()
+  {
+    return "".equals(this.token) && "".equals(this.secret);
+  }
+
+  /**
+   * Factory method that returns an empty token (token = "", secret = "").
+   *
+   * Useful for two legged OAuth.
+   */
+  public static Token empty()
+  {
+    return new Token("","");
+  }
 }
diff --git a/src/main/java/org/scribe/oauth/OAuth10aServiceImpl.java b/src/main/java/org/scribe/oauth/OAuth10aServiceImpl.java
index b847b2d77..00667979c 100644
--- a/src/main/java/org/scribe/oauth/OAuth10aServiceImpl.java
+++ b/src/main/java/org/scribe/oauth/OAuth10aServiceImpl.java
@@ -8,7 +8,7 @@
 
 /**
  * OAuth 1.0a implementation of {@link OAuthService}
- * 
+ *
  * @author Pablo Fernandez
  */
 public class OAuth10aServiceImpl implements OAuthService
@@ -20,7 +20,7 @@ public class OAuth10aServiceImpl implements OAuthService
 
   /**
    * Default constructor
-   * 
+   *
    * @param api OAuth1.0a api information
    * @param config OAuth 1.0a configuration param object
    */
@@ -88,8 +88,12 @@ public Token getAccessToken(Token requestToken, Verifier verifier)
   public void signRequest(Token token, OAuthRequest request)
   {
     config.log("signing request: " + request.getCompleteUrl());
-    request.addOAuthParameter(OAuthConstants.TOKEN, token.getToken());
 
+    // Do not append the token if empty. This is for two legged OAuth calls.
+    if (!token.isEmpty())
+    {
+      request.addOAuthParameter(OAuthConstants.TOKEN, token.getToken());
+    }
     config.log("setting token to: " + token);
     addOAuthParams(request, token);
     appendSignature(request);
@@ -110,7 +114,7 @@ public String getAuthorizationUrl(Token requestToken)
   {
     return api.getAuthorizationUrl(requestToken);
   }
-  
+
   private String getSignature(OAuthRequest request, Token token)
   {
     config.log("generating signature...");