search

Kong / insomnia

The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.
https://insomnia.rest
Apache License 2.0
34.36k stars 1.93k forks source link

Oauth 1.0 signature seems to be invalid with array-type query params #4407

Open rideron89 opened 2 years ago

rideron89 commented 2 years ago

Expected Behavior

Sending a GET request with array-type query parameters should succeed with Oauth 1.0 authorization. Example:

image

Query params:

?fields%5Bledger%5D=id,tenant&fields%5Btenant%5D=id,preferences

Actual Behavior

The specific (private) API I am using responds back with a 401 code (only in Insomnia) with the following message:

Invalid OAuth Request

My first thought was there might be a bug on the API side, but I tested this exact request in both Postman and HTTPie (using httpie-oauth) and both requests succeeded.

Requests in Insomnia work as normal with regular text parameters.

Here is the resulting authorization header from Postman:

OAuth oauth_consumer_key="[redacted key]",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1643126089",oauth_nonce="kCapbHcTN1S",oauth_version="1.0",oauth_signature="M04BE%2FaScc4iMtj5yLfGUUFNVlk%3D"

Here is the one from HTTPie:

OAuth oauth_nonce="181813793199661706071643129935", oauth_timestamp="1643129935", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="[redacted key]", oauth_signature="K0yGpYBR8k1H4OH1Ob6f%2FVSwws8%3D"

Here is one from Insomnia:

OAuth oauth_consumer_key="[redacted key]", oauth_nonce="FsPvpZh5KmiEOQRCq1SDv2Fl1w9Ayjcu", oauth_signature="wmVFuppdTwC5uvP8GNeWZD%2FSb94%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1643127628", oauth_version="1.0"

Postman authentication settings:

image

Insomnia authentication settings:

image

Reproduction Steps

No response

Is there an existing issue for this?

Additional Information

No response

Insomnia Version

2021.7.2

What operating system are you using?

Windows

Operating System Version

Windows 11 Pro version 21H2

Installation method

download from insomnia.rest

Last Known Working Insomnia version

No response

filfreire commented 2 years ago

Hi @rideron89, thanks for reporting this! And sorry for the late reply!

We're looking at this in our Insomnia stream, and we're having trouble understanding how to reproduce this.

Would you be able to share some more details on what you expect as input and output for this issue?

evs-xsarus commented 2 years ago

Happens also when connecting to magento 2.4.4 Only with Postman, it's possible. Seems to go wrong when query parameters are set.

VincentMarmiesse commented 6 months ago

Hi there,

Any news on this issue?