You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@shindig.apache.org by "Arne Roomann-Kurrik (JIRA)" <ji...@apache.org> on 2009/10/23 01:19:59 UTC

[jira] Updated: (SHINDIG-1206) PHP OAuth proxy generates invalid urls when signing via URL

     [ https://issues.apache.org/jira/browse/SHINDIG-1206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arne Roomann-Kurrik updated SHINDIG-1206:
-----------------------------------------

    Attachment: issue139042_1_2.diff

Code review: http://codereview.appspot.com/139042/show

> PHP OAuth proxy generates invalid urls when signing via URL
> -----------------------------------------------------------
>
>                 Key: SHINDIG-1206
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1206
>             Project: Shindig
>          Issue Type: Bug
>          Components: PHP
>            Reporter: Arne Roomann-Kurrik
>            Priority: Minor
>         Attachments: issue139042_1_2.diff
>
>
> For a gadget with an OAuth block like:
> <OAuth>
>   <Service name="partuza">
>   <Request url="http://www.partuza.nl/oauth/request_token" param_location="uri-query" />
>   <Access url="http://www.partuza.nl/oauth/access_token" param_location="uri-query" />
>   <Authorization url="http://www.partuza.nl/oauth/authorize" />
>   </Service>
> </OAuth>
> The OAuth parameters should be stuffed into the request URL (as opposed to the authorization header) for the request and access requests.  However, PHP Shindig's OAuthFetcher calls OAuthUtil::addParameter (which as far as I can tell is a custom function, since it is only used by OAuthFetcher) which actually decodes the parameters (as opposed to url encoding them), causing an invalid signature error.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.