sudocode / ohmy-auth

OAuth made easy for PHP (deprecated)
BSD 3-Clause "New" or "Revised" License
1 stars 1 forks

Inject unique oauth_nonce in every instance of Signature that gets created to enforce unique nonce. #10

Open rayburgemeestre opened 10 years ago

rayburgemeestre commented 10 years ago

Reason for this fix: a stricter OAuth server will deny the requests due to a possible replay attack, as the same nonce token is used for the request/access call and the actual call for the resource.

I didn't solve this inside the Signature class because I think that class should not do anything by itself.

I only fixed this for two-legged OAuth, but perhaps we should fix this in all places where a Signature class is instantiated.

(If the logic is to be moved inside the Signature class, note that several unit tests will fail.)
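The behaviour described in this PR, as an added example that is not ohmy-auth's own code: an OAuth 1.0a HMAC-SHA1 client that draws a fresh oauth_nonce every time it signs, next to the nonce-tracking check a strict server applies. With per-signature nonces both the token call and the resource call are accepted; when the same nonce is reused for both, the second request is rejected as a possible replay even though its signature verifies. Function names, credentials and URLs are assumptions; the server keys on consumer key and nonce within the timestamp window, which is stricter than the RFC 5849 minimum (uniqueness per timestamp).

```php
<?php
// Added example, not ohmy-auth code. Hypothetical helpers: oauthEncode, baseString,
// hmacSha1Signature, signRequest, verifyRequest. Credentials and URLs are constructed.
declare(strict_types=1);

// RFC 5849 section 3.6 percent-encoding: rawurlencode() leaves unreserved
// characters alone and encodes space as %20, which is what the spec wants.
function oauthEncode(string $s): string
{
    return rawurlencode($s);
}

// Signature base string (RFC 5849 section 3.4.1): method, base URL and the
// byte-sorted, encoded oauth_* plus request parameters.
function baseString(string $method, string $url, array $params): string
{
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = oauthEncode((string)$k) . '=' . oauthEncode((string)$v);
    }
    sort($pairs, SORT_STRING);
    return strtoupper($method) . '&' . oauthEncode($url) . '&' . oauthEncode(implode('&', $pairs));
}

// HMAC-SHA1 over the base string; two-legged OAuth has no token secret.
function hmacSha1Signature(string $base, string $consumerSecret, string $tokenSecret = ''): string
{
    $key = oauthEncode($consumerSecret) . '&' . oauthEncode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Client side: the oauth_* parameters for one request. The nonce is drawn
// here, per signature, so two signed requests never share it. $nonce can be
// forced only to reproduce the bug below.
function signRequest(string $method, string $url, array $query, string $consumerKey, string $consumerSecret, ?string $nonce = null): array
{
    $oauth = [
        'oauth_consumer_key'     => $consumerKey,
        'oauth_nonce'            => $nonce ?? bin2hex(random_bytes(16)),
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string)time(),
        'oauth_version'          => '1.0',
    ];
    $oauth['oauth_signature'] = hmacSha1Signature(baseString($method, $url, $query + $oauth), $consumerSecret);
    return $oauth;
}

// Server side: timestamp window, signature check, then nonce uniqueness per
// consumer key. $seen stands in for a persistent nonce store that a real
// server would expire after $window seconds.
function verifyRequest(string $method, string $url, array $query, array $oauth, string $consumerSecret, array &$seen, int $window = 300): string
{
    if (abs(time() - (int)$oauth['oauth_timestamp']) > $window) {
        return 'rejected: stale timestamp';
    }
    $params = $query + $oauth;
    unset($params['oauth_signature']);
    $expected = hmacSha1Signature(baseString($method, $url, $params), $consumerSecret);
    if (!hash_equals($expected, $oauth['oauth_signature'])) {
        return 'rejected: bad signature';
    }
    $key = $oauth['oauth_consumer_key'] . '|' . $oauth['oauth_nonce'];
    if (isset($seen[$key])) {
        return 'rejected: replayed nonce';
    }
    $seen[$key] = true;
    return 'ok';
}

// Constructed credentials and endpoints for the two-legged flow from the PR.
$ck = 'consumer-key';
$cs = 'consumer-secret';
$tokenUrl = 'https://api.example/oauth/request_token';
$resUrl   = 'https://api.example/resource';

// With the fix: a fresh nonce per signature, both calls accepted.
$seen = [];
$a = signRequest('POST', $tokenUrl, [], $ck, $cs);
$b = signRequest('GET', $resUrl, ['id' => '42'], $ck, $cs);
echo verifyRequest('POST', $tokenUrl, [], $a, $cs, $seen), "\n";               // ok
echo verifyRequest('GET', $resUrl, ['id' => '42'], $b, $cs, $seen), "\n";      // ok

// Without the fix: the same nonce for the token call and the resource call.
$seen = [];
$c = signRequest('POST', $tokenUrl, [], $ck, $cs, 'fixed-nonce');
$d = signRequest('GET', $resUrl, ['id' => '42'], $ck, $cs, 'fixed-nonce');
echo verifyRequest('POST', $tokenUrl, [], $c, $cs, $seen), "\n";               // ok
echo verifyRequest('GET', $resUrl, ['id' => '42'], $d, $cs, $seen), "\n";      // rejected: replayed nonce
```

The second half is the failure the PR describes: the resource request is correctly signed, yet the server cannot distinguish it from a replay of the token request because the nonce gives it nothing new to key on. Generating the nonce where the signature is produced, rather than once per client object, is what makes the two requests distinguishable.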

rayburgemeestre commented 10 years ago

I was just told that this is how OAuth 1.0a worked. So probably my fix breaks OAuth 2.0; this PR can probably be closed/ignored.