peterclink / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

PHP library signature base string generation -- POST with query string doesn't work #215

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Issue a request such as this:

POST /oauth/example/request_token.php?a=b HTTP/1.1
Authorization: OAuth Realm="", oauth_consumer_key="key", oauth_nonce="745e0b7", 
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1317801949", 
oauth_version="1.0", oauth_signature="aWjI8BbfuKW99I%2FbFsSjRrHyme4%3D"
Connection: Close
Content-type: application/x-www-form-urlencoded
Host: term.ie
User-Agent: Mozilla/4.0 (compatible; iPhone OS 5.0; U; en-GB) eScapeCore/0.1.0 
MobileAuctions/1.0.0
Content-Length: 0

2. Wait for response

What is the expected output?
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2011 08:07:44 GMT
Server: Apache/2.2.17 (Debian)
X-Powered-By: PHP/5.3.3-7
Content-Length: 57
Connection: close
Content-Type: text/plain

oauth_token=requestkey&oauth_token_secret=requestsecret

What do you see instead?
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2011 08:07:44 GMT
Server: Apache/2.2.17 (Debian)
X-Powered-By: PHP/5.3.3-7
Content-Length: 746
Connection: close
Content-Type: text/html

Invalid signature
<hr />
OAuthRequest Object
(
    [parameters:OAuthRequest:private] => Array
        (
            [oauth_consumer_key] => key
            [oauth_nonce] => 745e0b7
            [oauth_signature_method] => HMAC-SHA1
            [oauth_timestamp] => 1317801949
            [oauth_version] => 1.0
            [oauth_signature] => aWjI8BbfuKW99I/bFsSjRrHyme4=
        )

    [http_method:OAuthRequest:private] => POST
    [http_url:OAuthRequest:private] => http://term.ie/oauth/example/request_token.php?a=b
    [base_string] => POST&http%3A%2F%2Fterm.ie%2Foauth%2Fexample%2Frequest_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D745e0b7%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1317801949%26oauth_version%3D1.0
)

What version of the product are you using? On what operating system?
I am unsure what version runs on term.ie.  I am using the term.ie service to 
debug another, separate issue I'm having with my own OAuth library.  It is a 
very useful service, but seems to be having issue handling POST requests with 
query strings.  Note that it is a very standard practice; Etsy and Twitter both 
use empty POST requests with query strings (and my code works with at least 
Twitter).  The operating system really shouldn't matter, but my OAuth library 
runs on Windows, Mac OS X, iPhone, and Solaris (All of which I would expect to 
have this same output).

Please provide any additional information below.
The term.ie service has been very helpful for me in testing my OAuth library so 
far, but this is a blocker for me.  I attempted to see what could cause this 
issue, but as I really don't know PHP I am afraid I cannot assist in writing a 
patch.

Original issue reported on code.google.com by AWil...@Wilcox-Tech.com on 5 Oct 2011 at 8:13

GoogleCodeExporter commented 8 years ago
Hello,

I ran into the same issue. Looks like the signature generation using 
"HMAC-SHA1" is not working

Cheers

Original comment by Jose...@gmail.com on 5 May 2012 at 8:32