search

inhosin / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

OAuth Core 1.0 Revision A Compatibility #8

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
The codes does not seem to be compatible with OAuth Core 1.0 Revision A

Original issue reported on code.google.com by andreas....@gmx.net on 24 Jul 2009 at 6:53

GoogleCodeExporter commented 9 years ago 
Is anyone working on this? I need 1.0A compatibility.

Y.

Original comment by yonas.ya...@gmail.com on 30 Jul 2009 at 3:13

GoogleCodeExporter commented 9 years ago 
Revision 1.0A support is on our list of "things to do as soon as possible."

Though the engineer working on it is currently on holiday.  He will be back 
soon, I'll keep you posted on 
progress.

Original comment by ma...@pobox.com on 30 Jul 2009 at 5:51

GoogleCodeExporter commented 9 years ago 
If he'd like to see an example:

http://svn.codehaus.org/spring-security-oauth/trunk/spring-security-oauth/src/ma
in/java/org/springframework/security/oauth/provider/verifier/RandomValueInMemory
VerifierServices.java

http://svn.codehaus.org/spring-security-oauth/trunk/spring-security-oauth/src/ma
in/java/org/springframework/security/oauth/provider/verifier/

Original comment by yonas.ya...@gmail.com on 7 Aug 2009 at 8:27

GoogleCodeExporter commented 9 years ago 
Hey, will we see this implemented any time soon or do I have to fix it myself? 
:) 
Thanks!

Original comment by masterch...@googlemail.com on 1 Nov 2009 at 10:21

GoogleCodeExporter commented 9 years ago 
Does anyone know what changed in de specification revision 1.0A, maybe we can 
help 
you with some fixes?

Original comment by t.schme...@gmail.com on 27 Nov 2009 at 1:03

GoogleCodeExporter commented 9 years ago 
outh_verifier was added to avoid Man-in-the-middle attacks.

Original comment by andreas....@gmx.net on 27 Nov 2009 at 1:30

GoogleCodeExporter commented 9 years ago 
I'm looking into this. Did anybody write a patch yet? If so, please post and 
I'll
verify it and add to the next release.

Original comment by brunobg%...@gtempaccount.com on 12 Jan 2010 at 7:13

GoogleCodeExporter commented 9 years ago 
Note: somebody promised a patch. As soon as I get it, I'll add to the SVN and 
release
a new version.

Original comment by brunobg%...@gtempaccount.com on 18 Feb 2010 at 5:12

GoogleCodeExporter commented 9 years ago

Original comment by brunobg%...@gtempaccount.com on 18 Feb 2010 at 5:21

GoogleCodeExporter commented 9 years ago 
Has anything been done on this?

Original comment by dule...@gmail.com on 7 Mar 2010 at 5:18

GoogleCodeExporter commented 9 years ago 
I've been promised a patch by alexheimburger (see the wiki comments) but he has 
not
sent it yet. I currently lack the time to make the fix from scratch, so if 
anybody
would be willing to do it, I'd appreciate it, test it and package it...

Original comment by brunobg%...@gtempaccount.com on 8 Mar 2010 at 12:48

GoogleCodeExporter commented 9 years ago 
Hi everybody.

I've just emailed the patch to Bruno. Here is the mail I've just sent him.

Note that the patch has been coded against r64.

Hi Bruno,

I'm so sorry for being so late. Maybe you already have patched your version.

Anyway, here is my complete version of the oauth library and a diff file if you 
want
to patch.

Basically, I've added the oauth_verifier verification and a change in the 
callback
management.

You can track my changes by searching Compatibility in the source code.

Hope this helps. Happy coding :)

Alex

Here is the patch.

Original comment by alexheim...@gmail.com on 27 Mar 2010 at 2:40

Attachments:

GoogleCodeExporter commented 9 years ago 
Alex, thank you very much :) 

I'll add the patch to the SVN as soon as possible and release a new version.

Original comment by brunobg%...@gtempaccount.com on 29 Mar 2010 at 3:09

GoogleCodeExporter commented 9 years ago 
Cool :) 

By the way, we use the library in our day to day work in my company (blueKiwi
Sofware) and it rocks !

Original comment by alexheim...@gmail.com on 29 Mar 2010 at 4:16

GoogleCodeExporter commented 9 years ago 
The regular patch -pnum <patchfile doesn't apply that patch. Could you make that
patch with diff -u I'm having trouble applying.

Original comment by sirhcsen...@gmail.com on 1 Apr 2010 at 9:01

GoogleCodeExporter commented 9 years ago 
The patch won't apply, as it was made against r64 and several changes happened 
since.
I just committed release 102, which has this patch manually applied and revised.

Please let me know if it doesn't work to somebody. This is test code and should 
not
be used on production yet.

@alexheimburger: it seems you define a new field ost_verifier on TABLE
oauth_server_token, which from the code seems to be a 10-char long string, so I
defined it in the SQL as char(10). Anything else to add about this? Any other 
changes
to the DB schema?

Original comment by brunobg%...@gtempaccount.com on 5 Apr 2010 at 6:25

GoogleCodeExporter commented 9 years ago 
Has anyone tested the new code yet? Any success or failure reports would be
appreciated. Thanks.

Original comment by brunobg%...@gtempaccount.com on 9 Apr 2010 at 11:45

GoogleCodeExporter commented 9 years ago 
As changes are made to the database schema, it'd be good if the ALTER 
statements could be kept up-to-date as 
well.  It looks like it started happening at the top of this file, but hasn't 
been happening recently. 
http://code.google.com/p/oauth-php/source/browse/trunk/library/store/mysql/mysql
.sql

Also, I believe Google Code allows for code reviews -- you may consider turning 
those on to get additional 
feedback for each commit.

Original comment by philfreo on 20 Apr 2010 at 5:55

GoogleCodeExporter commented 9 years ago 
Right now it seems that the mysql.sql file is not up-to-date with the code.  I 
get a "Unknown column 
'ost_callback_url' in 'field list'"

Original comment by philfreo on 20 Apr 2010 at 6:19

GoogleCodeExporter commented 9 years ago 
Fixed comments #18 and #19. Thanks for the suggestion, I'll check the code 
review
feature.

Original comment by brunobg%...@gtempaccount.com on 20 Apr 2010 at 2:25

GoogleCodeExporter commented 9 years ago 
There seems to be a bug in the signature verification code, possibly caused by 
the
1.0a changes. I'm looking into it.

Original comment by brunobg%...@gtempaccount.com on 20 Apr 2010 at 4:00

GoogleCodeExporter commented 9 years ago 
Did someone test this? Does it work?

Original comment by fiedler....@gmail.com on 10 Jun 2010 at 10:14

GoogleCodeExporter commented 9 years ago 
I have tested. It seems to be 1.0a compatible -- I tested with other oauth 
clients and it worked. But I'd welcome more tests.

Original comment by brunobg%...@gtempaccount.com on 11 Jun 2010 at 9:16

GoogleCodeExporter commented 9 years ago 
If nothing is found by July 1st, I'll consider this one closed and post a new 
release.

Original comment by brunobg%...@gtempaccount.com on 21 Jun 2010 at 6:51

GoogleCodeExporter commented 9 years ago

Original comment by brunobg%...@gtempaccount.com on 6 Jul 2010 at 10:11