craighooghiem / oauth-php

oAuth PHP
MIT License
0 stars 0 forks source link

Make urlencode operational in signaturemethods (oauth_signature) #84

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Request a request token to the Opera oauth system 
(http://www.opera.com/docs/apis/linkrest/oauthexamples/)

What is the expected output? What do you see instead?
Expected: a valid requesttoken
What the real result is: wrong signature.

What version of the product are you using? On what operating system?
php 5.3.2 / linux

Please provide any additional information below.
Opera oauth system doesn't accept urlencoded oauth_signature

Original issue reported on code.google.com by ourtechnology@gmail.com on 22 Nov 2010 at 3:03

GoogleCodeExporter commented 8 years ago
Hmmm... Since this is working in many places, I hesitate to remove urlencoding 
altogether. 

Apparently the problem is that OAuthRequest::signatureBaseString() should not 
urlencode oauth_signature. Do you think this would fix it?

BTW, would you mind posting your code to test against Opera? I'd like to add it 
to the examples in the distribution, under the MIT license.

Original comment by brunobg%...@gtempaccount.com on 23 Nov 2010 at 5:44

GoogleCodeExporter commented 8 years ago
No. Currently I changed in this file:  (witch is a dirty hack)
http://code.google.com/p/oauth-php/source/browse/trunk/library/OAuthRequestSigne
r.php?r=168#145 
this line:
$this->setParam('oauth_signature',               $signature, true);
in to:
$this->setParam('oauth_signature',       urldecode($signature), true);

The signature is twice urlencoded, in the implementation of 
OAuthSignatureMethod::signature and OAuthRequest::signatureBaseString()

Note: this is only tested with the opera api. You may test it yourself against 
other oauth servers.

Original comment by ourtechnology@gmail.com on 23 Nov 2010 at 9:44

GoogleCodeExporter commented 8 years ago
This does not work for me. The tests for google and twitter break.

Please post a test case for the Opera API, so I can see what is going on...

Original comment by brunobg%...@gtempaccount.com on 24 Nov 2010 at 3:13

GoogleCodeExporter commented 8 years ago
This is the code i'm using, you can request your application here: 
https://auth.opera.com/service/oauth/applications/

{{{
$store = OAuthStore::instance("PDO", array(
    'conn'=>Yii::app()->getComponent('operaoauth')->getPdoInstance() // Your own pdo instance
));

// Get the id of the current user (must be an int)
$user_id = 1;

// The server description
$server = array(
    'consumer_key' => '---',
    'consumer_secret' => '---',
    'server_uri' => 'http://my.opera.com/community/api/',
    'signature_methods' => array('HMAC-SHA1'),
    'request_token_uri' => 'https://auth.opera.com/service/oauth/request_token',
    'authorize_uri' => 'https://auth.opera.com/service/oauth/authorize',
    'access_token_uri' => 'https://auth.opera.com/service/oauth/access_token',
);

// Save the server in the the OAuthStore (only done once)
$consumer_key = $store->updateServer($server, $user_id);
// If the server is already known:
$consumer_key = '---';

$token = OAuthRequester::requestRequestToken($consumer_key, 
$user_id,array('oauth_callback'=>'oob')); // It should fail here...
}}}

Original comment by ourtechnology@gmail.com on 24 Nov 2010 at 7:14

GoogleCodeExporter commented 8 years ago
When I got a real (extended) example i will post it for the examples in the 
distribution.

Original comment by ourtechnology@gmail.com on 24 Nov 2010 at 7:15

GoogleCodeExporter commented 8 years ago
Thanks! I'll keep this issue open so we both remember about this Opera example 
:)

Original comment by brunobg%...@gtempaccount.com on 24 Nov 2010 at 7:55

GoogleCodeExporter commented 8 years ago
First version of the Opera example in the attachment.

Original comment by ourtechnology@gmail.com on 27 Nov 2010 at 2:01

Attachments:

GoogleCodeExporter commented 8 years ago
Thanks a lot! 

I added the test to the SVN version and also added a oauth_as_header parameter 
to the API to solve the first issue you described in the comments (r177). 

But I'm getting a 400, Wrong signature, whether I urldecode or not. I'm 
wondering if you made any other changes that you forgot to mention...

Original comment by brunobg%...@gtempaccount.com on 1 Dec 2010 at 2:45

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Here is a updated example, this should fix the 400 error. I've added the 
oauth_as_header option since the my opera api currently doesn't support the 
oauth header.

Don't forget to change the row in OAuthRequestSigner.php as mentioned in the 
comment in opera.php. Its tested with revision 179.

Original comment by ourtechnology@gmail.com on 17 Dec 2010 at 9:35

Attachments: