OAuth 3 legged authorization: step 3 request to get access token does not require request token secret to sign oauth signature

The request to get the access token does not require us to sign the request(oauth_signature in the request) with request token secret. It works if we sign the request just with consumer secret. Is it okay to just sign the request with consumer secret or we should sign it with request token secret? The reason I am asking is because I was able to get the access token from twitter without even signing the request with request token secret. And I could say that request token secret that I got in first step was never used and my complete 3 legged flow was working without the request token secret. The access token I got from twitter was valid too. Can someone help me understand if it is must to sign the request with request token secret?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.