search

SureshKekan / sfdc-oauth-playground

Automatically exported from code.google.com/p/sfdc-oauth-playground
0 stars 0 forks source link

Multiple URL values with same key name not supported #6

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Attempt to sign a request like "http://ws.server.com/contacts?key=2&key=1"

Expected: Should generate a base string that includes both keys, sorted by 
value.

Actual: includes only one value of "key" due to the use of a map to hold the 
key value pairs.

According to the OAuth spec 9.1.1: "Parameters are sorted by name, using 
lexicographical byte value ordering. If two or more parameters share the same 
name, they are sorted by their value"

I checked out revision 11 of the playground code as a starting point, but have 
heavily modified it for a simpler and more secure implementation in a managed 
package. It would be challenging for me to create a patch for this issue, but 
if that would help the cause, I could give it a shot.

Original issue reported on code.google.com by chuckg...@gmail.com on 19 Jul 2011 at 3:02

GoogleCodeExporter commented 8 years ago 
This is also the same in the latest OAuth spec release: 
http://tools.ietf.org/html/rfc5849#section-3.4.1.3.2

Original comment by chuckg...@gmail.com on 19 Jul 2011 at 3:13