craighooghiem / oauth-php

oAuth PHP
MIT License
0 stars 0 forks source link

sometimes protected resource (hello) doesnt work #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Get a request Token, 
2. Authorize the token
3. Access (hello)

What is the expected output? What do you see instead?
"Hello, world!"

Sometimes i see 
"OAuth Verification Failed: Verification of signature failed (signature base 
string was 
"GET&http%3A%2F%2Foauth%2Fhello&oauth_consumer_key%3Db613c535385ba5d852e453c31cd
39a180497bdbf5%26oauth_nonce%3D3254DD7C-183F-4CB1-9D20-
580FE2BBDFAF%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1232855178%26oauth_token%3Df81508e5447e12e7c484b6c2d3
391e410497bdf1c%26oauth_version%3D1.0")."

What version of the product are you using? On what operating system?
oauth-php-r50.tar.gz

Original issue reported on code.google.com by noms...@gmail.com on 25 Jan 2009 at 3:48

GoogleCodeExporter commented 8 years ago
ive attached a video.

Original comment by noms...@gmail.com on 25 Jan 2009 at 3:55

Attachments:

GoogleCodeExporter commented 8 years ago
Hello Nomspes,   Thank you for your report.

When possible I would like to see if you can gather some more information.  
Could you define OAUTH_LOG_REQUEST in your project and then check the entries 
in the log table?  There might be more 
information why the signature was not verified correctly.

The example you included shows a different nonce than the example in the 
problem report.  Can you give a 
screenshot where the request fails, including the Authorization header?

- Marc

Original comment by ma...@pobox.com on 25 Jan 2009 at 11:20

GoogleCodeExporter commented 8 years ago
Here you go.

Original comment by noms...@gmail.com on 25 Jan 2009 at 4:35

Attachments:

GoogleCodeExporter commented 8 years ago
I think I see the problem, which I assume is a problem with the application you 
use (Endpointr).

The signature in the Authorization header must be url encoded.  The trailing 
'=' is correctly encoded, but the '+' 
is not.   The '+' character must be url encoded, now it translates back to a 
space, which gives a mismatch when 
comparing the signatures.

Original comment by ma...@pobox.com on 25 Jan 2009 at 4:54

GoogleCodeExporter commented 8 years ago
ok make ssense, thanks :)

Original comment by noms...@gmail.com on 25 Jan 2009 at 7:27

GoogleCodeExporter commented 8 years ago
Hope this problem is resolved.  Will close this issue, as it appears to be a 
problem with a 3rd party application 
and not with the OAuth-PHP library.

Original comment by ma...@pobox.com on 26 Jan 2009 at 4:53