maxwelldu / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

Using query strings causes signature verification failures #36

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Make HTTP request with query string as part of get e.g. 
http://dev.local/index?id=1
2. Signature verification fails

What is the expected output? What do you see instead?
Expect to see response, instead the signature verification fails.

What version of the product are you using? On what operating system?
Tested on revision 98 and 122 from SVN, running server on Ubuntu 10.04.

Please provide any additional information below.
If I change the request URL to http://dev.local/index/id/1 then everything 
works, but I have a 
large amount of code already using "standard" query strings.  I would like to 
be able to re-use 
that code instead of re-writing it.

Original issue reported on code.google.com by tommo...@gmail.com on 6 May 2010 at 2:32

GoogleCodeExporter commented 9 years ago
Are you using the client or the server? Do you know at what stage the 
verification fails?

Original comment by brunobg%...@gtempaccount.com on 6 May 2010 at 2:59

GoogleCodeExporter commented 9 years ago
I am only using the server code. For client code, I am using the Zend Framework 
(Zend_Oauth_Consumer). The 
failure happens when OAuthRequestVerifier::verifyExtended() is called.

Original comment by tommo...@gmail.com on 6 May 2010 at 3:02

GoogleCodeExporter commented 9 years ago
Has there been any progress on this? I noticed 
today that even when the authorization 
parameters are set in the header, the signature 
base string for verifyExtend shows them as a 
query string. This might be why the verification 
fails.  Just a guess though.

Original comment by tommo...@gmail.com on 12 May 2010 at 11:50

GoogleCodeExporter commented 9 years ago
Hi, sorry, I have been quite busy lately, so I haven't had time to check it 
yet...

Original comment by brunobg%...@gtempaccount.com on 17 May 2010 at 3:26

GoogleCodeExporter commented 9 years ago
Tom, I could not reproduce it here, so I need a little more information to 
track it
down. How do you set the authorization parameters in the header?

Can you also tell me the exact exception message? This will help me to track 
down
where the error happens. 

Original comment by brunobg%...@gtempaccount.com on 18 May 2010 at 1:28

GoogleCodeExporter commented 9 years ago
@tommoyer

There was a bug in OAuthRequest. Maybe that fixes this issue, too. Can you run 
you script against r132 please?

thx! André

Original comment by fiedler....@gmail.com on 15 Jun 2010 at 6:49

GoogleCodeExporter commented 9 years ago
Revision 132 fixes the problem. Thanks!

Original comment by tommo...@gmail.com on 21 Jun 2010 at 3:27

GoogleCodeExporter commented 9 years ago

Original comment by brunobg%...@gtempaccount.com on 21 Jun 2010 at 6:50