two-legged

I am using two legged OAuth for Google Contact Data API and generating token on each request. Is it advisable or Should I store token to reuse it next time ? Also, How to detect stale token ? I am using python. ( and Gdata Python Client Library ). Edit: Ok, I figure, the token is generated on client side with encrpytion and not collected from server side, so it is ok to generate token on each request. Am I correct ? and that means, the token never change for a user ( unless I change shared secret ) right ? I think that the two legged oauth scenario does not involve creating tokens. Tokens are

I have a rails 2.3.5 application with an API I wish to protect. There is no user - it is an app to app style webservice (more like an Amazon service than facebook), and so I would like to implement it using a two-legged OAuth approach. I have been trying to use the oauth-plugin server implementation as a start: http://github.com/pelle/oauth-plugin ...but it is built expecting three-legged (web redirect flow) oauth. Before I dig deeper into making changes to it to support two-legged, I wanted to see if there was an easier way, or if someone had a better approach for a rails app to implement

I am trying to create an Authentication Module in CSharp where I need to verify the Signature from the request using DotNetOpenAuth(DNOA) Library for 2 Legged OAuth which only has consumer Key and a Secret. If you have any sample implementation of 2 Legged OAuth using DNOA that would be helpful. If not, any ideas on how to implement would work too. Any help would be much appreciated. I wasn't able to get DNOA to work with 2-legged OAuth so I ended up making my own consumer using http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs as my base class to handle the signature signing. All you