You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shindig.apache.org by "Arne Roomann-Kurrik (JIRA)" <ji...@apache.org> on 2009/10/23 01:17:59 UTC
[jira] Created: (SHINDIG-1206) PHP OAuth proxy generates invalid
urls when signing via URL
PHP OAuth proxy generates invalid urls when signing via URL
-----------------------------------------------------------
Key: SHINDIG-1206
URL: https://issues.apache.org/jira/browse/SHINDIG-1206
Project: Shindig
Issue Type: Bug
Components: PHP
Reporter: Arne Roomann-Kurrik
Priority: Minor
For a gadget with an OAuth block like:
<OAuth>
<Service name="partuza">
<Request url="http://www.partuza.nl/oauth/request_token" param_location="uri-query" />
<Access url="http://www.partuza.nl/oauth/access_token" param_location="uri-query" />
<Authorization url="http://www.partuza.nl/oauth/authorize" />
</Service>
</OAuth>
The OAuth parameters should be stuffed into the request URL (as opposed to the authorization header) for the request and access requests. However, PHP Shindig's OAuthFetcher calls OAuthUtil::addParameter (which as far as I can tell is a custom function, since it is only used by OAuthFetcher) which actually decodes the parameters (as opposed to url encoding them), causing an invalid signature error.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SHINDIG-1206) PHP OAuth proxy generates invalid
urls when signing via URL
Posted by "Arne Roomann-Kurrik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arne Roomann-Kurrik updated SHINDIG-1206:
-----------------------------------------
Attachment: issue139042_1_2.diff
Code review: http://codereview.appspot.com/139042/show
> PHP OAuth proxy generates invalid urls when signing via URL
> -----------------------------------------------------------
>
> Key: SHINDIG-1206
> URL: https://issues.apache.org/jira/browse/SHINDIG-1206
> Project: Shindig
> Issue Type: Bug
> Components: PHP
> Reporter: Arne Roomann-Kurrik
> Priority: Minor
> Attachments: issue139042_1_2.diff
>
>
> For a gadget with an OAuth block like:
> <OAuth>
> <Service name="partuza">
> <Request url="http://www.partuza.nl/oauth/request_token" param_location="uri-query" />
> <Access url="http://www.partuza.nl/oauth/access_token" param_location="uri-query" />
> <Authorization url="http://www.partuza.nl/oauth/authorize" />
> </Service>
> </OAuth>
> The OAuth parameters should be stuffed into the request URL (as opposed to the authorization header) for the request and access requests. However, PHP Shindig's OAuthFetcher calls OAuthUtil::addParameter (which as far as I can tell is a custom function, since it is only used by OAuthFetcher) which actually decodes the parameters (as opposed to url encoding them), causing an invalid signature error.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (SHINDIG-1206) PHP OAuth proxy generates invalid
urls when signing via URL
Posted by "Chris Chabot (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Chabot resolved SHINDIG-1206.
-----------------------------------
Resolution: Fixed
Assignee: Chris Chabot
That must've taken some serious digging to track that down! Awesome fix, thanks Arne
> PHP OAuth proxy generates invalid urls when signing via URL
> -----------------------------------------------------------
>
> Key: SHINDIG-1206
> URL: https://issues.apache.org/jira/browse/SHINDIG-1206
> Project: Shindig
> Issue Type: Bug
> Components: PHP
> Reporter: Arne Roomann-Kurrik
> Assignee: Chris Chabot
> Priority: Minor
> Attachments: issue139042_1_2.diff
>
>
> For a gadget with an OAuth block like:
> <OAuth>
> <Service name="partuza">
> <Request url="http://www.partuza.nl/oauth/request_token" param_location="uri-query" />
> <Access url="http://www.partuza.nl/oauth/access_token" param_location="uri-query" />
> <Authorization url="http://www.partuza.nl/oauth/authorize" />
> </Service>
> </OAuth>
> The OAuth parameters should be stuffed into the request URL (as opposed to the authorization header) for the request and access requests. However, PHP Shindig's OAuthFetcher calls OAuthUtil::addParameter (which as far as I can tell is a custom function, since it is only used by OAuthFetcher) which actually decodes the parameters (as opposed to url encoding them), causing an invalid signature error.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.