scream78 / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

Python: Checking nonces needs access to the oauth_timestamp #133

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
According to the OAuth spec; a nonce "is unique for all requests with that
timestamp".
However, OAuthDataStore.lookup_nonce is passed only the consumer, token,
and nonce; none of which provide the relevant oauth_timestamp.
Hence, using the library as it stands, the nonce cannot actually be
validated as per the spec.

Original issue reported on code.google.com by raumkraut on 12 Oct 2009 at 12:30

GoogleCodeExporter commented 9 years ago

Original comment by morten.f...@gmail.com on 5 Jan 2010 at 11:35