hwangjungseok / oauth-signpost

Automatically exported from code.google.com/p/oauth-signpost
0 stars 0 forks source link

Signature base string issue with 2-Legged scenario #14

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

1. Try signing an HttpUrlConnection object without setting token and token-
secret parameters (that would be the case for 2 legged scenario)
2. Check the signature base string
3. Check the generated OAuth signature

What is the expected output? What do you see instead?

Signature base string should include "auth_token=&" as per section 9.1.1. 
of the OAuth specs. However, the auth_token is completely ignored due to 
being empty (which will always be true for 2-legged scenario) and is 
missing from the signature base string. 
The oAuth signature generated as a result is wrong. As a verification, it 
doesn't match the signature generated by the reliable online resource - 
http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html

What version of the product are you using? On what operating system?
Latest as of yesterday (July 14, 2009)

Please provide any additional information below.

Original issue reported on code.google.com by a4amitar...@gmail.com on 14 Jul 2009 at 9:14

GoogleCodeExporter commented 8 years ago
On further analysis, I figured that if user explicitly sets access token and 
secret to 
empty string using method setTokenWithSecret(), things work fine. So, as a fix, 
the 
auth_token parameter should default to empty string and should be included in 
signature 
base string even if user fails to set it explicitly (or else, runtime error 
informing 
user token and secret need to be set explicitly should be thrown). Generating a 
wrong 
signature base string is definitely not the correct behavior.

Original comment by a4amitar...@gmail.com on 14 Jul 2009 at 9:33

GoogleCodeExporter commented 8 years ago

Original comment by m.kaepp...@gmail.com on 14 Jul 2009 at 9:36

GoogleCodeExporter commented 8 years ago
This issue was closed by r60.

Original comment by m.kaepp...@gmail.com on 19 Jul 2009 at 9:52