URL form encoded parameters in POST requests are ignored by sign

[GoogleCodeExporter]

Version of google-api-java-client (e.g. 1.2.1-alpha)?
1.2.1-alpha (but looking at the source it's still there in the trunk)

Java environment (e.g. Java 6, Android 2.2, App Engine 1.3.7)?
AppEngine 1.4.0

Describe the problem.
Form encoded POST parameters are part of the signature base string and must be 
signed.  Looking at OAuthAuthorizationHeaderIntercepter it is clear that the 
interceptor does not do this: it simply passes request method and URL to the 
OAuthParameters object.  Consequently, the computed signature is wrong and the 
POST request fails.
This comes up when, e.g. tweeting using the Twitter API:  their API expects a 
form encoded "status" parameter. GET requests using the 
OAuthAuthorizationHeaderIntercepter work fine.

How would you expect it to be fixed?
One possible fix would be to provide a second OAuthParameters#computeSignature 
that accepts a collection of additional parameters that form part of the 
signature base string.  The OAuthAuthorizationHeaderIntercepter could then 
check the HttpRequest's method and in the case of a form encoded POST request 
pass the additional parameters to the #computeSignature method.

Original issue reported on code.google.com by mathias.kegelmann on 5 Jan 2011 at 7:15

[GoogleCodeExporter]

Thanks for reporting this issue.  This is actually a known limitation:

http://javadoc.google-api-java-client.googlecode.com/hg/1.2.2-alpha/com/google/a
pi/client/auth/oauth/package-summary.html

But thanks for bringing it to my attention.  We do want this OAuth library to 
work properly with the Twitter API.

Original comment by yan...@google.com on 8 Jan 2011 at 2:28

• Changed state: Accepted
• Added labels: Milestone-Version1.4.0, Priority-High, Type-Enhancement
• Removed labels: Priority-Medium, Type-Defect

[GoogleCodeExporter]

Original comment by yan...@google.com on 8 Jan 2011 at 6:26

• Added labels: Component-Auth

[GoogleCodeExporter]

Original comment by yan...@google.com on 11 Mar 2011 at 12:08

• Added labels: Milestone-Version1.5.0, Priority-Medium
• Removed labels: Milestone-Version1.4.0, Priority-High

[GoogleCodeExporter]

Moved to:
http://code.google.com/p/google-oauth-java-client/issues/detail?id=1

Original comment by yan...@google.com on 11 May 2011 at 5:12

• Changed state: WontFix