search

bytespider / jsOAuth

JavaScript implimentation of the OAuth protocol. Currently supports version 1.0 (RFC5849) of the specification. Node.js & CommonJS compatible.
http://bytespider.github.com/jsOAuth/
MIT License
557 stars 109 forks source link

Unexpected OAuth.urlDecode behavior #45

Closed scyclops closed 10 years ago

scyclops commented 11 years ago

I was calling an OAuth REST API endpoint with a url that contained a GET parameter with spaces in it. The url encoder I was using encoded the spaces as plus symbols (+). When I passed the encoded url (eg. https://domain.com/docs?query=foo+bar ) to the getJSON method it decoded it in an unexpected way such that the plus symbol was left in place instead of being decoded to a space. Then, when the url was re-encoded before being request was made, the plus symbol was encoded as %2B which caused the server to think the character was a plus symbol instead of a space as was originally intended.

My solution to this was to use a different encoder that encoded spaces as %20 instead of plus symbols before passing the url to the OAuth library but I was wondering if this was intended behavior or accidental on the part of the OAuth library.

TL;DR

What happened: OAuth.urlDecode('a+b') === 'a+b'

What I expected: OAuth.urlDecode('a+b') === 'a b'

bytespider commented 11 years ago

Andrew. jsOAuth already handles the encoding and decoding of urls for you. What you're prob experiencing is double encoding. — Sent from Mailbox for iPhone

On Fri, Mar 15, 2013 at 7:46 PM, Andrew Trusty notifications@github.com wrote:

I was calling an OAuth REST API endpoint with a url that contained a GET parameter with spaces in it. The url encoder I was using encoded the spaces as plus symbols (+). When I passed the encoded url (eg. https://domain.com/docs?query=foo+bar ) to the getJSON method it decoded it in an unexpected way such that the plus symbol was left in place instead of being decoded to a space. Then, when the url was re-encoded before being request was made, the plus symbol was encoded as %2B which caused the server to think the character was a plus symbol instead of a space as was originally intended.
My solution to this was to use a different encoder that encoded spaces as %20 instead of plus symbols before passing the url to the OAuth library but I was wondering if this was intended behavior or accidental on the part of the OAuth library. TL;DR What happened: OAuth.urlDecode('a+b') === 'a+b' What I expected:

OAuth.urlDecode('a+b') === 'a b'

Reply to this email directly or view it on GitHub: https://github.com/bytespider/jsOAuth/issues/45

scyclops commented 11 years ago

It does look like the encoding is automatically handled if I use the request method and use the data option but I don't see a way to pass the GET parameters as an object when using either the get or getJSON convenience methods..

bytespider commented 11 years ago

You'll have to use request and handle the json parsing yourself. Its fairly simple JSON.parse(data); in your success  callback — Sent from Mailbox for iPhone

On Fri, Mar 15, 2013 at 7:57 PM, Andrew Trusty notifications@github.com wrote:

It does look like the encoding is automatically handled if I use the request method and use the data option but I don't see a way to pass the GET parameters as an object when using either the get or getJSON convenience methods..

Reply to this email directly or view it on GitHub: https://github.com/bytespider/jsOAuth/issues/45#issuecomment-14981585