scream78 / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

Obj-C 1.0 Encoding parameters bug #68

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The NSString + URLEncoding is not working properly when some characters are 
being encoded ( 
eg: "@" ). I've seen that the OAuth provider fails to match signatures because 
some of my 
parameters include characters that should be encoded but they are not. As a 
consequence of 
this, my signature base string and the one the provider uses to check the 
signature do not 
match. I've seen a fix for this in the Obc-c 2.0 OAuth Framework by Jon Crosby. 
These are the 
differences:

http://oauth.googlecode.com/svn/code/obj-c/OAuthConsumer/NSString+URLEncoding.m
encodes a set of characters in http://tools.ietf.org/html/rfc2396 AND ALSO 
:/=,!$&'()*+;[]@#?

http://oauth.googlecode.com/svn/code/obj-c1/OAuthConsumer/NSString+URLEncoding.m
encodes a set of characters in http://tools.ietf.org/html/rfc2396 AND ALSO :/=

I must admit at the beginning I didn't understand the problem because the 
discussion of the OSX 
Core Library documentation for CFURLCreateStringByAddingPercentEscapes says: 
"The characters 
escaped are all characters that are not legal URL characters (based on RFC 
2396), plus any (...)" 
but the RFC 2396 does not mention which are the legal /'non legal' characters.

Original issue reported on code.google.com by mar...@gmail.com on 26 Nov 2008 at 4:08

GoogleCodeExporter commented 9 years ago
I know I originally had problems with this as well with our internal OAuth 
provider.
I don't see the additional characters causing a problem. I can apply the patch 
or we
can get you write permissions if you have more changes.

Original comment by gffle...@aol.com on 1 Dec 2008 at 6:06

GoogleCodeExporter commented 9 years ago
I'll make the changes myself since I also have more changes related to memory 
leaks. 

Original comment by mar...@gmail.com on 1 Dec 2008 at 6:16

GoogleCodeExporter commented 9 years ago
Excellent! Thanks. Please see diff sent via email.

Original comment by gffle...@aol.com on 1 Dec 2008 at 6:41

GoogleCodeExporter commented 9 years ago
Fixed in changeset 818

Original comment by mar...@gmail.com on 2 Dec 2008 at 12:11