search

Jeff-Lewis / oauth-dot-net

Automatically exported from code.google.com/p/oauth-dot-net
0 stars 0 forks source link

OAuthParameters decodes before splitting, needs to do it the other way #9

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
In both of the Parse() methods:

 public static OAuthParameters Parse(HttpWebResponse response)
 public static OAuthParameters Parse(OAuthResource response)

The response gets HttpUtility.UrlDecode before splitting. This is incorrect
and causes problems with values that have encoded = and & in them.
Specifically, this causes problems with MySpace since their token seems to
have the extra padding on the end of the token.

Example of the data received from MySpace:

"oauth_token=7gX4FXjJ55oQYOMTe52UkiQMCUgpwR2JHlLibJhLr%2FfMp2uBUDVx2pox%2BnKa3tJ
vHoNrv0z%2B3WfvueAaizzKTA%3D%3D&oauth_token_secret=70b71404121f49618acee4a5bcd1e
8c9"

You can see the %3D%3D. In the current code. This will split and toss away
the "==" at the end of the token, making it invalid.

To correct this, something like this needs to be done. Split the items
first, and decode the data after the parameters are found.

                // fixing their code not to decode prematurely since that in fact is wrong
                // since there could be additional '&' characters in the data
                string decodedBody = bodyEncoding.GetString( ms.ToArray() );
                //string decodedBody = HttpUtility.UrlDecode(ms.ToArray(),
bodyEncoding);

                string[] nameValuePairs = decodedBody.Split(new char[] {
'&' }, StringSplitOptions.RemoveEmptyEntries);
                foreach (string nameValuePair in nameValuePairs)
                {
                    string[] nameValuePairParts = nameValuePair.Split(new
char[] { '=' }, StringSplitOptions.RemoveEmptyEntries);
                    if (nameValuePairParts.Length == 2)
                        bodyParams.Add(nameValuePairParts[0],
HttpUtility.UrlDecode( nameValuePairParts[1] ) );
                }

Original issue reported on code.google.com by christop...@gmail.com on 30 Oct 2008 at 4:02

GoogleCodeExporter commented 9 years ago 
With this change, the OAuth library works with MySpace. Before, it will not 
work.

Original comment by christop...@gmail.com on 30 Oct 2008 at 4:03

GoogleCodeExporter commented 9 years ago 
Implemented suggested change - available in the source control.

Original comment by chris.s....@gmail.com on 30 Jan 2009 at 1:46