You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@rave.apache.org by "Venkat (NEU)" <ne...@gmail.com> on 2013/06/17 16:11:18 UTC

DefaultOAuthStore Question

Hi

I am working on a gadget that uses OAuth. I am having trouble with the
basestring. Debugging through the code I was able to locate the place where
the issue might be. The method loadDefaultKey() in the DefaultOAuthStore
store is instantiating BasicOAuthStoreConsumerKeyAndSecret() which calls
the constructor which sets the oauthBodyHash to "true" always.

Is this intentional? What if there was no body that is being passed in and
all the params were in the request? is it necessary to calculate the body
hash in this case.


Thanks
Venkat

Re: DefaultOAuthStore Question

Posted by Matt Franklin <m....@gmail.com>.

On Mon, Jun 17, 2013 at 10:11 AM, Venkat (NEU) <ne...@gmail.com> wrote:

> Hi
>
> I am working on a gadget that uses OAuth. I am having trouble with the
> basestring. Debugging through the code I was able to locate the place where
> the issue might be. The method loadDefaultKey() in the DefaultOAuthStore
> store is instantiating BasicOAuthStoreConsumerKeyAndSecret() which calls
> the constructor which sets the oauthBodyHash to "true" always.
>

If I remember correctly, the OAuth 1.0a spec is slightly contradictory on
this subject.  In one part it says the body is to be included and in
another it is omitted in the example.  With this being the case, Shindig
defaults to hashing the body with the rest of the parameters.

In the end, I would support adding an additional configuration item to the
rave shindig properties that sets this boolean.

>
> Is this intentional? What if there was no body that is being passed in and
> all the params were in the request? is it necessary to calculate the body
> hash in this case.
>
>
> Thanks
> Venkat
>