search

ddo / oauth-1.0a

OAuth 1.0a Request Authorization for Node and Browser
MIT License
325 stars 116 forks source link

According to RFC5849 port number must be excluded from base string if it is the default #59

Open orontee opened 7 years ago

orontee commented 7 years ago

3.4.1.2. Base String URI (...)

  1. The port MUST be included if it is not the default port for the scheme, and MUST be excluded if it is the default. Specifically, the port MUST be excluded when making an HTTP request [RFC2616] to port 80 or when making an HTTPS request [RFC2818] to port 443. All other non-default port numbers MUST be included.
ddo commented 7 years ago

you have issues with custom port (not 80 and 443) ?

orontee commented 7 years ago

Since the default ports aren't stripped for the signature computation, the signature is wrong when the url co'tains ports

-- Matthias

Le 13 sept. 2017 08:51, "Ddo" notifications@github.com a écrit :

you have issues with custom port (not 80 and 443) ?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ddo/oauth-1.0a/issues/59#issuecomment-329075625, or mute the thread https://github.com/notifications/unsubscribe-auth/AB-GIk1Zb1NGyfmCV-qDCxS-vtZQuwvJks5sh3tlgaJpZM4PVZ4P .

ddo commented 7 years ago

so if you input http://example.com:80 or https://example.com:443 it gonna be an issue?

orontee commented 7 years ago

That's it.

-- Matthias

Le 13 sept. 2017 09:55, "Ddo" notifications@github.com a écrit :

so if you input http://example.com:80 or https://example.com:443 it gonna be an issue?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ddo/oauth-1.0a/issues/59#issuecomment-329088648, or mute the thread https://github.com/notifications/unsubscribe-auth/AB-GIuLCO-uzn2lkOPLqCS_CWBPMnyBeks5sh4pkgaJpZM4PVZ4P .