headers.canonical_string always includes http_method

mgomes / api_auth

HMAC authentication for Rails and HTTP Clients

MIT License

480 stars 147 forks source link

headers.canonical_string always includes http_method #129

Closed DiegoSalazar closed 7 years ago

DiegoSalazar commented 7 years ago

The with_http_method option is ignored by ApiAuth::Headers#canonical_string which breaks older clients that are not yet including the http_method in their canonical_string.

https://github.com/mgomes/api_auth/blob/master/lib/api_auth/headers.rb#L57

kjg commented 7 years ago

This is the expected behavior of v2.x which is backward incompatible with clients that don't include the http_method. The server side code needs to be using 1.4.x or 1.5.x in order to handle both versions of canonical_string.

Checkout our upgrade strategy for more info https://github.com/mgomes/api_auth/blob/master/CHANGELOG.md#140-2015-12-16

DiegoSalazar commented 7 years ago

Is v1.5 compatible with Rails 5?

kjg commented 7 years ago

I have not tested v1.5 against rails 5, but I don't think there have been any rails specific changes made to ApiAuth since v1.5 other than accounting for this deprecation .

Therefore I believe v1.5 should work with rails 5, but if not, I'd be happy to release a new 1.x with any fixes needed. Just let me know. Thanks!