Attempting to use the SimpleGeo API (http://simplegeo.com/), invoking the URL
http://api.simplegeo.com/1.0/context/address.json?address="1+Market+St,+San+Francisco,+CA"
fails, with the following error from SimpleGeo:
"Invalid signature: expected base signature:
GET&http%3A%2F%2Fapi.simplegeo.com%2F1.0%2Fcontext%2Faddress.json&address%3D%25221%2520Market%2520St%252C%2520San%2520Francisco%252C%2520CA%2522%26oauth_callback%3Dnull%26oauth_consumer_key%3DDKhqRNypNacwrefjWJSEsVYsmJMSG7V9%26oauth_nonce%3D9127438362369930968%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1295886721%26oauth_token%3D"
Looking at the debug output, the base signature produced by OAuth.cls is:
GET&http%3A%2F%2Fapi.simplegeo.com%2F1.0%2Fcontext%2Faddress.json&address%3D%221%2BMarket%2BSt%2C%2BSan%2BFrancisco%2C%2BCA%22%26oauth_callback%3Dnull%26oauth_consumer_key%3DDKhqRNypNacwrefjWJSEsVYsmJMSG7V9%26oauth_nonce%3D9127438362369930968%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1295886721%26oauth_token%3D
The problem is that the double quotes and plus signs in the address parameter
value are not being properly decoded/encoded before being sorted and added to
the signature base. OAuth spec (RFC 5849) sections 3.4.1.3.1 and 3.4.1.3.2
specify that parameter names and values are decoded then encoded before being
sorted and concatenated; Section 3.6 specifies that space must be encoded as
%20 and not +.
Attached patch properly decodes/encodes parameter names and values as
specified, and works with SimpleGeo.
Original issue reported on code.google.com by metada...@gmail.com on 24 Jan 2011 at 4:39
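
The decode-then-encode normalization from RFC 5849 that the report cites, as an added Python example (not part of the original report, the attached patch, or OAuth.cls). The function names and the `normalize=False` path are constructed for illustration; the request values are the ones shown in the report.

```python
from urllib.parse import parse_qsl, quote, urlsplit

# Request values copied from the report above.
URL = ('http://api.simplegeo.com/1.0/context/address.json'
       '?address="1+Market+St,+San+Francisco,+CA"')
OAUTH = {
    "oauth_callback": "null",
    "oauth_consumer_key": "DKhqRNypNacwrefjWJSEsVYsmJMSG7V9",
    "oauth_nonce": "9127438362369930968",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1295886721",
    "oauth_token": "",
}


def pct(text):
    """RFC 5849 section 3.6: only unreserved characters stay literal; space -> %20."""
    return quote(text, safe="~")


def base_string(method, url, oauth_params, normalize=True):
    """Build the signature base string (RFC 5849 section 3.4.1)."""
    parts = urlsplit(url)
    extra = list(oauth_params.items())
    if normalize:
        # 3.4.1.3.1: decode the query as form data ('+' and %XX become characters),
        # then 3.4.1.3.2: percent-encode every name and value before sorting.
        query = parse_qsl(parts.query, keep_blank_values=True)
        pairs = [(pct(name), pct(value)) for name, value in query + extra]
    else:
        # Constructed "before" case: query pairs used exactly as typed in the URL.
        raw = (p.partition("=") for p in parts.query.split("&") if p)
        pairs = [(name, value) for name, _, value in raw] + extra
    # Sort by name, then by value, and join as name=value pairs with '&'.
    param_string = "&".join(f"{name}={value}" for name, value in sorted(pairs))
    # Assumption: no explicit default port in the URL (none in the report's URL).
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    return "&".join([method.upper(), pct(base_uri), pct(param_string)])


if __name__ == "__main__":
    print("normalized:", base_string("GET", URL, OAUTH))
    print("raw query :", base_string("GET", URL, OAUTH, normalize=False))
```

With `normalize=True` the output is the base string SimpleGeo reports as expected; with `normalize=False` it is the string shown in the debug output, so the two signatures cannot match.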