Abstract OAuth Core 1.0 defines a protocol for delegating user access to Consumer applications without sharing the user's private credentials. Some consumer applications use the RSA_SHA1 signature method. To verify RSA_SHA1 signatures, Service Providers need to be in possession of an authentic copy of the consumer application's public key. Whenever a consumer application changes the private key it