This changes the OAuth 1 HMAC signature generation to support query strings in the path that include special characters, and fixes query strings that use a PHP-style array syntax for the key.
For example, foo[bar]=1 would previously trigger an error, but is now handled correctly, encoding the key to foo%5Bbar%5D before hashing.
Encoding of query values is changed to use RFC 1738-style plus encoding, then full RFC 3986 encoding, which seems to match most implementations. This at least fixes values with spaces when authenticating against the Magento 2 REST API, and matches how Postman encodes the value in its HMAC process.
This changes the OAuth 1 HMAC signature generation to support query strings in the path that include special characters, and fixes query strings that use a PHP-style array syntax for the key.
For example,
foo[bar]=1
would previously trigger an error, but is now handled correctly, encoding the key tofoo%5Bbar%5D
before hashing.Encoding of query values is changed to use RFC 1738-style plus encoding, then full RFC 3986 encoding, which seems to match most implementations. This at least fixes values with spaces when authenticating against the Magento 2 REST API, and matches how Postman encodes the value in its HMAC process.