search

gladiopeace / opensocial-php-client

Automatically exported from code.google.com/p/opensocial-php-client
Apache License 2.0
0 stars 0 forks source link

Error in two legged OAuth signature generation #79

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Using 
$oauthRequest = OAuthRequest::from_request($method, $url, $params);

in line 91 of osapiOAuth2Legged.php can lead to incorrect signatures. To 
reproduce you have to secure the page making the request to the OpenSocial API 
through two legged OAuth with OAuth as well, which is a behaviour used in some 
OpenSocial Apps (through gadgets.io.makeRequest).

To fix change this line to:

$oauthRequest = new OAuthRequest($method, $url, $params);

Original issue reported on code.google.com by bashofm...@gmail.com on 7 Jan 2011 at 4:16

GoogleCodeExporter commented 9 years ago 
I'm running into this issue in a different situation, or I just didn't 
understand the description above ;)

Whenever the PHP script that has some (GET) parameters to it, makes an 
OpenSocial call the parameters to this page are actually added to the signature 
as well... which breaks as the server doesn't consider the same parameters to 
be part of the signature I guess...

The fix above also works for me. Not sure if this is a "clean" fix...

(Attached fix above as patch against trunk)

Original comment by mooknarf@gmail.com on 2 Mar 2011 at 8:12

Attachments: