search

geyrix57 / google-api-java-client

Automatically exported from code.google.com/p/google-api-java-client
0 stars 0 forks source link

OAuth compliant URL parameter encoding #113

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
External references, such as a standards document, or specification?
OAuth Core 1.0, Section 5.1

Java environments (e.g. Java 6, Android 2.2, App Engine 1.3.7, or All)?
AppEngine 1.4.0

Please describe the feature requested.

This issue is related to issue #95: When using form encoded HTTP parameters as 
part of the OAuth base string, characters have to be quoted in precisely the 
way specified by the OAuth Spec in section 5.1. Otherwise the signed base 
strings don't match.

It would be nice if, for example, PercentEscaper (or UrlEncodedContent) offered 
exactly this encoding.  Currently, the necessary auxiliary function is not 
provided by the library (nor by java.net.URLEncoder).  For accessing Google 
APIs using OAuth the problem does not arise as the OAuth headers are already 
encoded and do not contain any offending characters.

How would you expect it to be fixed?

A semantically correct, though somewhat slow implementation of the needed 
function is:

  public String urlEncode(String String) { 
    return URLEncoder.encode(s, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
  }

Original issue reported on code.google.com by mathias.kegelmann on 8 Feb 2011 at 11:46

GoogleCodeExporter commented 9 years ago 
I'm running into this problem with the Dropbox API. When I have a left/right 
parenthesis in the path, they are not encoded by Google API Java Client, 
because it's hard coded to use:

com.google.api.client.util.escape.PercentEscaper.SAFEQUERYSTRINGCHARS_URLENCODER
 = "-_.!~*'()@:$,;/?:"

Original comment by tra...@circutus.com on 9 Jan 2012 at 6:32

GoogleCodeExporter commented 9 years ago 
Thanks for the feedback.

As far as I can tell the original issue is a duplicate of:
http://code.google.com/p/google-oauth-java-client/issues/detail?id=1

In other words, we should be encoding format-encoded HTTP parameters, but we 
are not.  Please let me know if that is not the case.

Note that it is not our goal to offer character-encoding functionality.  In 
fact, in hind-sight we wish we hadn't made this code public, and will likely 
remove it from this library in the future once character-encoding functionality 
is found in some third-party library that we can rely on.

I think the second issue raised here with the Dropbox API is a separate issue, 
because that refers to which URI query parameter characters should be encoded, 
not form-encoded parameters.  I would be surprised why not encoding '(' or ')' 
should be a problem, but I haven't had a chance to investigate it.  If you are 
seeing a problem, please file a bug here:

http://code.google.com/p/google-oauth-java-client/issues/entry

Original comment by yan...@google.com on 10 Jan 2012 at 1:54