diff -urp sites/all/modules/services/services_admin_browse.inc --- sites/all/modules/services/services_admin_browse.inc 2008-08-12 00:36:40.000000000 +0530 +++ sites/all/modules/services/services_admin_browse.inc 2008-08-10 10:41:12.000000000 +0530 @@ -1,5 +1,5 @@ 'textfield', '#default_value' => time()); break; + + case 'oauth_consumer_key': + $form['arg'][$key] = array('#type' => 'textfield', '#default_value' => $_SESSION['oauth']['key']); + break; + + case 'oauth_token': + $form['arg'][$key] = array('#type' => 'textfield', '#default_value' => $_SESSION['oauth']['oauth_access_token']); + break; + + case 'oauth_signature_method': + $form['arg'][$key] = array('#type' => 'textfield', '#default_value' => 'PLAINTEXT'); + break; + + case 'oauth_signature': + $form['arg'][$key] = array('#type' => 'textfield', '#default_value' => 'Not Required for test calls'); + break; + + case 'oauth_timestamp': + $form['arg'][$key] = array('#type' => 'textfield', '#default_value' => time()); + break; + + case 'oauth_nonce': + $form['arg'][$key] = array('#type' => 'textfield', '#default_value' => generate_nonce()); + break; default: $form['arg'][$key] = array('#type' => 'textfield'); @@ -176,6 +200,20 @@ function services_admin_browse_test_unse return $return; } + +/** + * to produce nonce for test calls + * + * nonce is used for AOuth calls - it is random string used for uniqueness of call + */ + +function generate_nonce() { + $mt = microtime(); + $rand = mt_rand(); + + return md5($mt . $rand); +} + function theme_services_admin_browse_test($form) { $output = ''; $output .= drupal_render($form['test']); 
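Review bot: The docblock added before `generate_nonce()` is separated from the function by a blank line, so Drupal's API parser will not attach it, and it misspells OAuth as "AOuth"; move it directly above the `function` line and write it as `/** Produce a nonce for OAuth test calls: a random string that makes each call unique. */`. The function name carries no module prefix, which in Drupal's flat global namespace risks a "Cannot redeclare" fatal if another module (the `oauth` module this feature depends on, for instance) ships its own `generate_nonce()`; `services_generate_nonce()`, with the call in the `oauth_nonce` case updated to match, avoids that. `md5(microtime() . mt_rand())` is adequate for uniqueness in this admin test form, but `mt_rand()` is not a cryptographic source, so the helper should not be reused anywhere the nonce must be unpredictable.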
@@ -227,7 +265,14 @@ function services_admin_settings() { '#default_value' => variable_get('services_use_sessid', TRUE), '#description' => t('When enabled, all method calls must include a valid sessid. Only disable this setting if the application will user browser-based cookies.') ); - + $check_oauth = module_exists('oauth'); + $form['security']['services_use_oauth'] = array( + '#type' => 'checkbox', + '#title' => t('Use OAuth'), + '#default_value' => variable_get('services_use_oauth', FALSE), + '#description' => t('When enabled, all method calls must include OAuth parameters to validate for services call.'), + '#disabled' => !$check_oauth, + ); $form['debug'] = array( '#title' => t('Debugging'), '#type' => 'fieldset', diff -urp sites/all/modules/services/services.info --- sites/all/modules/services/services.info 2008-08-12 00:36:40.000000000 +0530 +++ sites/all/modules/services/services.info 2008-08-03 15:06:02.000000000 +0530 @@ -4,9 +4,9 @@ description = Provide an API for creatin package = Services core = 6.x -; Information added by drupal.org packaging script on 2008-06-18 -version = "6.x-0.9" +; Information added by drupal.org packaging script on 2008-05-08 +version = "6.x-1.x-dev" core = "6.x" project = "services" -datestamp = "1213826117" +datestamp = "1210248504" diff -urp sites/all/modules/services/services.module --- sites/all/modules/services/services.module 2008-08-12 00:36:40.000000000 +0530 +++ sites/all/modules/services/services.module 2008-08-07 22:17:11.000000000 +0530 
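Review bot: The checkbox here defaults to `variable_get('services_use_oauth', FALSE)`, but the `@@ -366,6 +419,16 @@` hunk in services.module reads `variable_get('services_use_oauth', TRUE)`, so until an administrator saves this form the OAuth arguments are prepended to every method while the setting displays as off; the two defaults should agree, and FALSE is the safer choice given the `#disabled` guard, i.e. `if (variable_get('services_use_oauth', FALSE)) {` in services_get_all. `#disabled` only greys out the control, so a value saved while the oauth module was enabled survives that module being disabled later; `'#default_value' => $check_oauth && variable_get('services_use_oauth', FALSE),` or a `module_exists('oauth')` check at the point of use would close that gap. The description would also read better as `t('When enabled, all method calls must include OAuth parameters for the call to be validated.')`.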
@@ -1,5 +1,5 @@ t('Time stamp used to hash key.'), ); + // OAuth call arg + $arg_oauth_key = array( + '#name' => 'oauth_consumer_key', + '#type' => 'string', + '#description' => t('OAuth key for consumer.'), + ); + + $arg_oauth_token = array( + '#name' => 'oauth_token', + '#type' => 'string', + '#description' => t('OAuth token for consumer.'), + ); + + $arg_oauth_signature_method = array( + '#name' => 'oauth_signature_method', + '#type' => 'string', + '#description' => t('OAuth signature method.'), + ); + + $arg_oauth_signature = array( + '#name' => 'oauth_signature', + '#type' => 'string', + '#description' => t('OAuth signature.'), + ); + + $arg_oauth_timestamp = array( + '#name' => 'oauth_timestamp', + '#type' => 'string', + '#description' => t('OAuth call timestamp'), + ); + + $arg_oauth_nonce = array( + '#name' => 'oauth_nonce', + '#type' => 'string', + '#description' => t('OAuth call nonce'), + ); + foreach ($methods as $key => $method) { // set method defaults @@ -366,6 +419,16 @@ function services_get_all() { } } + + if (variable_get('services_use_oauth', TRUE)) { + $methods[$key]['#args'] = array_merge(array($arg_oauth_nonce), $methods[$key]['#args']); + $methods[$key]['#args'] = array_merge(array($arg_oauth_timestamp), $methods[$key]['#args']); + $methods[$key]['#args'] = array_merge(array($arg_oauth_signature), $methods[$key]['#args']); + $methods[$key]['#args'] = array_merge(array($arg_oauth_signature_method), $methods[$key]['#args']); + $methods[$key]['#args'] = array_merge(array($arg_oauth_token), $methods[$key]['#args']); + $methods[$key]['#args'] = array_merge(array($arg_oauth_key), $methods[$key]['#args']); + } + // set defaults for args foreach ($methods[$key]['#args'] as $arg_key => $arg) { if (is_array($arg)) { 
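Review bot: Six chained `array_merge` calls, each prepending one argument, rebuild `$methods[$key]['#args']` six times per method; a single `array_merge(array($arg_oauth_key, $arg_oauth_token, $arg_oauth_signature_method, $arg_oauth_signature, $arg_oauth_timestamp, $arg_oauth_nonce), $methods[$key]['#args'])` yields the same final order in one step. The `variable_get()` call appears to sit inside the per-method loop (the loop head is outside this hunk), so its result could be read once before the loop instead of on every iteration. Prepending these arguments changes every method's positional argument list, so any existing client that passes arguments by position will break once the option is on; that is worth a comment at this spot, e.g. `// OAuth args are prepended, so positional callers see them first.`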
@@ -432,6 +495,51 @@ function services_validate_key($kid,$tim } } +// Validate a auth access call for services +function services_validate_oauth($consumer_key, $oauth_token, $oauth_signatutre_method, $oauth_signature, $oauth_signatutre, $oauth_timestamp, $oauth_nonce){ + $consu_key = db_result(db_query("SELECT consumer_key FROM {oauth_token} WHERE token_key = '%s' AND type = 'access'", $oauth_token )); + + if($consu_key == $consumer_key){ + return TRUE; + } + else{ + return FALSE; + } +} + +//to check that new nonce is used everytime +function check_nonce($nonce, $timestamp) {/*{{{*/ + // verify that the nonce is uniqueish + $found = lookup_nonce($nonce, $timestamp); + if ($found) { + return FALSE; + } + return TRUE; +} + +//to lookup nonce for oauth request +function lookup_nonce($nonce, $timestamp) { + $nonce_1 = db_result(db_query("SELECT nonce FROM {oauth_nonce} WHERE nonce_timestamp='%s'", $timestamp)); + if (!$nonce_1) { + db_query("INSERT INTO {oauth_nonce} (nonce, nonce_timestamp) VALUES ('%s', %d)", $nonce, $timestamp); + return null; + } + return $nonce_1; +} + +// function returns TRUE or FALSE depending upon permissions granted by user for services access on their account during auth call +function services_validate_oauth_permissions( $method_name, $oauth_access_token){ + $perm_serialized = db_result(db_query("SELECT services FROM {oauth_services} WHERE token_key = '%s'", $oauth_access_token )); + $perm_unserialized = unserialize($perm_serialized); + if($perm_unserialized[$method_name]['permission'] == 1){ + return TRUE; + } + else{ + return FALSE; + } +} + + function services_get_key($kid) { $keys = services_get_keys(); foreach ($keys as $key) { @@ -543,4 +651,3 @@ function services_session_unload($backup $user = $backup; session_decode($user->session); } -
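Review bot: `services_validate_oauth` accepts a call when `db_result()` returns FALSE for an unknown token and `$consumer_key` is empty, because `FALSE == ''` is true under PHP's loose comparison, and it never uses `$oauth_signature`, `$oauth_timestamp` or `$oauth_nonce` — `check_nonce` is defined in this hunk but nothing here calls it. The parameter list also carries the misspelt `$oauth_signatutre_method` and a duplicated `$oauth_signatutre`, which its callers (outside this hunk) would need adjusting for, so the rewrite below keeps the signature line as-is. `lookup_nonce` keys only on `nonce_timestamp`, so two clients sharing a second collide while a reused nonce under a fresh timestamp passes; the rewrite compares strictly, wires in the nonce check and looks nonces up by the (nonce, timestamp) pair, leaving signature verification as an explicit TODO rather than silently returning TRUE. The helper names `check_nonce`/`lookup_nonce` lack the `services_` prefix, which risks a "Cannot redeclare" fatal if another module (the `oauth` module this setting depends on, for instance) defines the same names.
```php
function services_validate_oauth($consumer_key, $oauth_token, $oauth_signatutre_method, $oauth_signature, $oauth_signatutre, $oauth_timestamp, $oauth_nonce){
  $consu_key = db_result(db_query("SELECT consumer_key FROM {oauth_token} WHERE token_key = '%s' AND type = 'access'", $oauth_token));
  // db_result() returns FALSE for an unknown token; compare strictly so an
  // empty consumer key cannot match that FALSE.
  if ($consu_key === FALSE || $consu_key !== $consumer_key) {
    return FALSE;
  }
  // Reject a replayed (nonce, timestamp) pair before anything else.
  if (!check_nonce($oauth_nonce, $oauth_timestamp)) {
    return FALSE;
  }
  // TODO: verify $oauth_signature over the request using the consumer secret;
  // until that is done this function does not authenticate the caller.
  return TRUE;
}

// … unchanged: check_nonce …

function lookup_nonce($nonce, $timestamp) {
  // Key on the pair: distinct clients sharing a second must not collide, and
  // a reused nonce must not be accepted under a new timestamp.
  $found = db_result(db_query("SELECT nonce FROM {oauth_nonce} WHERE nonce = '%s' AND nonce_timestamp = %d", $nonce, $timestamp));
  if (!$found) {
    db_query("INSERT INTO {oauth_nonce} (nonce, nonce_timestamp) VALUES ('%s', %d)", $nonce, $timestamp);
    return NULL;
  }
  return $found;
}

// … unchanged: services_validate_oauth_permissions …
```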