You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@shindig.apache.org by "Arne Roomann-Kurrik (JIRA)" <ji...@apache.org> on 2009/10/23 01:17:59 UTC

[jira] Created: (SHINDIG-1206) PHP OAuth proxy generates invalid urls when signing via URL

PHP OAuth proxy generates invalid urls when signing via URL
-----------------------------------------------------------

                 Key: SHINDIG-1206
                 URL: https://issues.apache.org/jira/browse/SHINDIG-1206
             Project: Shindig
          Issue Type: Bug
          Components: PHP
            Reporter: Arne Roomann-Kurrik
            Priority: Minor


For a gadget with an OAuth block like:

<OAuth>
  <Service name="partuza">
  <Request url="http://www.partuza.nl/oauth/request_token" param_location="uri-query" />
  <Access url="http://www.partuza.nl/oauth/access_token" param_location="uri-query" />
  <Authorization url="http://www.partuza.nl/oauth/authorize" />
  </Service>
</OAuth>

The OAuth parameters should be stuffed into the request URL (as opposed to the authorization header) for the request and access requests.  However, PHP Shindig's OAuthFetcher calls OAuthUtil::addParameter (which as far as I can tell is a custom function, since it is only used by OAuthFetcher) which actually decodes the parameters (as opposed to url encoding them), causing an invalid signature error.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (SHINDIG-1206) PHP OAuth proxy generates invalid urls when signing via URL

Posted by "Arne Roomann-Kurrik (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHINDIG-1206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arne Roomann-Kurrik updated SHINDIG-1206:
-----------------------------------------

    Attachment: issue139042_1_2.diff

Code review: http://codereview.appspot.com/139042/show

> PHP OAuth proxy generates invalid urls when signing via URL
> -----------------------------------------------------------
>
>                 Key: SHINDIG-1206
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1206
>             Project: Shindig
>          Issue Type: Bug
>          Components: PHP
>            Reporter: Arne Roomann-Kurrik
>            Priority: Minor
>         Attachments: issue139042_1_2.diff
>
>
> For a gadget with an OAuth block like:
> <OAuth>
>   <Service name="partuza">
>   <Request url="http://www.partuza.nl/oauth/request_token" param_location="uri-query" />
>   <Access url="http://www.partuza.nl/oauth/access_token" param_location="uri-query" />
>   <Authorization url="http://www.partuza.nl/oauth/authorize" />
>   </Service>
> </OAuth>
> The OAuth parameters should be stuffed into the request URL (as opposed to the authorization header) for the request and access requests.  However, PHP Shindig's OAuthFetcher calls OAuthUtil::addParameter (which as far as I can tell is a custom function, since it is only used by OAuthFetcher) which actually decodes the parameters (as opposed to url encoding them), causing an invalid signature error.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SHINDIG-1206) PHP OAuth proxy generates invalid urls when signing via URL

Posted by "Chris Chabot (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHINDIG-1206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Chabot resolved SHINDIG-1206.
-----------------------------------

    Resolution: Fixed
      Assignee: Chris Chabot

That must've taken some serious digging to track that down! Awesome fix, thanks Arne

> PHP OAuth proxy generates invalid urls when signing via URL
> -----------------------------------------------------------
>
>                 Key: SHINDIG-1206
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1206
>             Project: Shindig
>          Issue Type: Bug
>          Components: PHP
>            Reporter: Arne Roomann-Kurrik
>            Assignee: Chris Chabot
>            Priority: Minor
>         Attachments: issue139042_1_2.diff
>
>
> For a gadget with an OAuth block like:
> <OAuth>
>   <Service name="partuza">
>   <Request url="http://www.partuza.nl/oauth/request_token" param_location="uri-query" />
>   <Access url="http://www.partuza.nl/oauth/access_token" param_location="uri-query" />
>   <Authorization url="http://www.partuza.nl/oauth/authorize" />
>   </Service>
> </OAuth>
> The OAuth parameters should be stuffed into the request URL (as opposed to the authorization header) for the request and access requests.  However, PHP Shindig's OAuthFetcher calls OAuthUtil::addParameter (which as far as I can tell is a custom function, since it is only used by OAuthFetcher) which actually decodes the parameters (as opposed to url encoding them), causing an invalid signature error.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.