laminas / laminas-oauth

BSD 3-Clause "New" or "Revised" License

rsa signing fail with binary_output == true #2

Closed weierophinney closed 3 years ago

weierophinney commented 4 years ago

OAuth server

server response was

related config

In ZendOAuth\Signature 'binary_output' is hardcoded as true, but it works only when false with the above.

(Was hard to debug from outside because of ZendOAuth\Http::startRequestCycle()'s logic.)


Originally posted by @sipicsg at https://github.com/zendframework/ZendOAuth/issues/27

weierophinney commented 4 years ago

@ezimuel Can you take a look at this, please?


Originally posted by @weierophinney at https://github.com/zendframework/ZendOAuth/issues/27#issuecomment-95311863

weierophinney commented 4 years ago

I've got the same problem with the OAuth server of MasterCard for their MasterPass service.

According to the OAuth 1.0a standard the RSA-SHA1 signature has to be base64-encoded as stated in OAuth 1.0a Spec - 9.3.1. Generating Signature or OAuth RFC 1.0 Protocol - 3.4.3. RSA-SHA1

A solution without breaking the current implementation seems hard due to current structure copied from ZF1 and missing tests for RSA Signature class. I hope I can provide these tests today or tomorrow. Maybe I'll find a solution while testing.

Zend_Oauth_Signature_Rsa::sign() in ZF1 does a base64-encode


Originally posted by @JuEger at https://github.com/zendframework/ZendOAuth/issues/27#issuecomment-123308610
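To make the encoding requirement from the comment above concrete, here is an added example (not code from ZendOAuth or from the commenters, and written in Go rather than the library's PHP so it can be run stand-alone). It builds an OAuth 1.0a signature base string, signs it with RSA-SHA1 (RSASSA-PKCS1-v1_5 over SHA-1, as RFC 5849 section 3.4.3 specifies), and shows the difference between emitting the raw signature bytes (the behaviour the issue reports for `binary_output == true`) and the base64-encoded form a server actually verifies. The function names, the `binaryOutput` flag and the request parameters are all constructed for this illustration and are not the library's API.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// oauthEncode percent-encodes per RFC 5849 section 3.6: only the unreserved
// set ALPHA / DIGIT / "-" / "." / "_" / "~" is left untouched; everything
// else, including space, becomes %XX with uppercase hex.
func oauthEncode(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
			c == '-' || c == '.' || c == '_' || c == '~' {
			b.WriteByte(c)
		} else {
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// baseString builds the signature base string of RFC 5849 section 3.4.1:
// METHOD & enc(base URL) & enc(sorted "key=value" pairs joined by '&').
// Each key and value is encoded once before sorting, then the joined
// parameter string is encoded a second time as a whole.
func baseString(method, baseURL string, params map[string]string) string {
	pairs := make([]string, 0, len(params))
	for k, v := range params {
		pairs = append(pairs, oauthEncode(k)+"="+oauthEncode(v))
	}
	sort.Strings(pairs)
	return strings.ToUpper(method) + "&" + oauthEncode(baseURL) + "&" +
		oauthEncode(strings.Join(pairs, "&"))
}

// signRSASHA1 signs SHA-1(base) with RSASSA-PKCS1-v1_5. With binaryOutput
// set (hypothetical flag mirroring the issue) the raw signature bytes are
// returned as a string; otherwise the base64 form required by the spec.
func signRSASHA1(key *rsa.PrivateKey, base string, binaryOutput bool) (string, error) {
	h := sha1.Sum([]byte(base))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, h[:])
	if err != nil {
		return "", err
	}
	if binaryOutput {
		return string(sig), nil
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// verifyOAuthSignature does what a compliant server does with the
// oauth_signature value: base64-decode it, then verify the PKCS#1 v1.5
// signature over SHA-1 of the base string it recomputed itself. Raw
// binary input fails at the decode step, which is the failure the issue
// describes from the server's point of view.
func verifyOAuthSignature(pub *rsa.PublicKey, base, sigValue string) bool {
	raw, err := base64.StdEncoding.DecodeString(sigValue)
	if err != nil {
		return false
	}
	h := sha1.Sum([]byte(base))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, h[:], raw) == nil
}

func main() {
	// Constructed request; the consumer key, nonce and timestamp are dummies.
	params := map[string]string{
		"oauth_consumer_key":     "dpf43f3p2l4k3l03",
		"oauth_nonce":            "kllo9940pd9333jh",
		"oauth_signature_method": "RSA-SHA1",
		"oauth_timestamp":        "1191242096",
		"oauth_version":          "1.0",
		"file":                   "vacation.jpg",
	}
	base := baseString("GET", "http://photos.example.net/photos", params)
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	b64, _ := signRSASHA1(key, base, false)
	bin, _ := signRSASHA1(key, base, true)
	fmt.Println("base string:", base)
	fmt.Println("base64 signature verifies:", verifyOAuthSignature(&key.PublicKey, base, b64))
	fmt.Println("raw binary signature verifies:", verifyOAuthSignature(&key.PublicKey, base, bin))
	// The header value must be the base64 string, percent-encoded once more:
	fmt.Println("oauth_signature=\"" + oauthEncode(b64) + "\"")
}
```

Note the two-level encoding in the final header: the signature is first base64-encoded (turning the 256 raw bytes into printable text), and that text is then percent-encoded when placed into the Authorization header or query string. Sending the raw bytes and percent-encoding those instead produces a value the server cannot base64-decode, so the request is rejected before any RSA verification takes place.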

weierophinney commented 4 years ago

Yesterday I did some restructuring, refactoring and testing of the module. I'll create a pull request as soon as I have finished the restructuring. The structure now is the same as in other zf2 projects. Only some additional files (e.g. .travis.yml) are still missing.

In addition I found 2+1 possible solutions which are backward compatible:

1. Add the possibility to use a different Zend\Crypt\PublicKey\Rsa object through ConfigInterface and then pass it through the Http\Utility to the Rsa object.
2. Add the possibility to configure the base64-encoding behaviour within ConfigInterface and then pass it through the Http\Utility to the signature.
3. Same as 2 but only for Rsa.

Does anyone have other suggestions?


Originally posted by @JuEger at https://github.com/zendframework/ZendOAuth/issues/27#issuecomment-123581770

weierophinney commented 3 years ago

This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering Committee. If you have a security issue, please follow our security reporting guidelines. If you wish to take on the role of maintainer, please nominate yourself.

If you are looking for an actively maintained package alternative, we recommend: