mloc / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

C#: Tokens that include characters that need encoding produce invalid signatures #195

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
1. Make an OAuth request using a token that contains a character that should be 
URL-encoded (e.g. a base64 string that ends with "==")
2. The signature base will be invalid because it doesn't encode the OAuth 
parameters before calculating the signature base

Here's a patch (~line 248-257):

List<QueryParameter> parameters = GetQueryParameters(url.Query);
parameters.Add(new QueryParameter(OAuthVersionKey, UrlEncode(OAuthVersion)));
parameters.Add(new QueryParameter(OAuthNonceKey, UrlEncode(nonce)));
parameters.Add(new QueryParameter(OAuthTimestampKey, UrlEncode(timeStamp)));
parameters.Add(new QueryParameter(OAuthSignatureMethodKey, 
UrlEncode(signatureType)));
parameters.Add(new QueryParameter(OAuthConsumerKeyKey, UrlEncode(consumerKey)));

if (!string.IsNullOrEmpty(token))
{
    parameters.Add(new QueryParameter(OAuthTokenKey, UrlEncode(token)));
}

Original issue reported on code.google.com by kam...@gmail.com on 15 Mar 2011 at 4:06

GoogleCodeExporter commented 8 years ago

Original comment by morten.f...@gmail.com on 29 Mar 2011 at 6:03