surjit / oauth

Automatically exported from code.google.com/p/oauth

OAuth Java library will sometimes generate an invalid signature #62

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

I built an application that sends OAuth requests to Plaxo's (www.plaxo.com)
PortableContacts service.

During my testing, Plaxo would report that my OAuth requests had invalid
signatures:

Request
=======

[DEBUG] wire - >> "GET /oauth/activate?oauth_token=token-c0cfd1f3-dcce-c3f6-b6ef-cff2d5cdc8d4&oauth_consumer_key=anonymous&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1226263081&oauth_nonce=1226263081510316000&oauth_version=1.0&oauth_signature=hgwglBPIWKvW2tyXHs532xvSjhI%3D HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: www.plaxo.com[EOL]"

Response
========

[DEBUG] wire - << "HTTP/1.1 401 Authorization Required[EOL]"

[DEBUG] wire - << "Error 401: Invalid signature"

I inspected the request token secret String and noticed that the last
character of the String was a newline.

Here is the HTTP request where the request token was acquired:

Request
=======

GET /oauth/request?oauth_consumer_key=anonymous&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1226269550&oauth_nonce=1226269550692508000&oauth_version=1.0&oauth_signature=hj05qcDAlpy9q2PEF2rpqLcVwIk%3D

Response body
============

[DEBUG] wire - << "oauth_token=token-efffd6d2-ebc8-cdef-a8f6-d5f6c5c1c0f1&oauth_token_secret=secret-f3c9fff1-f2ff-cde9-a9f8-f1edf8c6e7e7[\n]"

Notice that Plaxo's response has a newline character at the end of the
response body.

I looked at OAuth.java and found the decodeForm method.  decodeForm is
where the response body content is converted to Parameter objects.

    public static List<Parameter> decodeForm(String form) {
        List<Parameter> list = new ArrayList<Parameter>();
        if (!isEmpty(form)) {
            for (String nvp : form.split("\\&")) {
                int equals = nvp.indexOf('=');
                String name;
                String value;
                if (equals < 0) {
                    name = decodePercent(nvp);
                    value = null;
                } else {
                    name = decodePercent(nvp.substring(0, equals));
                    value = decodePercent(nvp.substring(equals + 1));
                }
                list.add(new Parameter(name, value));
            }
        }
        return list;
    }

Perhaps OAuth Java should call the java.lang.String.trim() to eliminate the
trailing newline?

Original issue reported on code.google.com by sean%sea...@gtempaccount.com on 9 Nov 2008 at 11:23
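The failure reported above, reproduced as an added example (not the library's code, and not a description of what the later fix changed). `decodeForm` here is a simplified stand-in using `URLDecoder`/`URLEncoder` in place of the library's percent-coding helpers; the base string and consumer secret are constructed values.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TrailingNewlineDemo {
    // Simplified stand-in for decodeForm: split on '&' and '=', then percent-decode.
    static Map<String, String> decodeForm(String form) throws Exception {
        Map<String, String> params = new LinkedHashMap<>();
        for (String nvp : form.split("&")) {
            int eq = nvp.indexOf('=');
            String name = eq < 0 ? nvp : nvp.substring(0, eq);
            String value = eq < 0 ? null : nvp.substring(eq + 1);
            params.put(URLDecoder.decode(name, "UTF-8"),
                       value == null ? null : URLDecoder.decode(value, "UTF-8"));
        }
        return params;
    }

    // HMAC-SHA1 keyed with consumer secret '&' token secret, each percent-encoded.
    static String sign(String base, String consumerSecret, String tokenSecret) throws Exception {
        String key = URLEncoder.encode(consumerSecret, "UTF-8") + "&"
                + URLEncoder.encode(tokenSecret, "UTF-8");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes("UTF-8")));
    }

    public static void main(String[] args) throws Exception {
        // Response body from the report above, including its trailing newline.
        String body = "oauth_token=token-efffd6d2-ebc8-cdef-a8f6-d5f6c5c1c0f1"
                + "&oauth_token_secret=secret-f3c9fff1-f2ff-cde9-a9f8-f1edf8c6e7e7\n";
        String base = "GET&https%3A%2F%2Fexample.invalid%2Foauth%2Factivate&oauth_version%3D1.0"; // constructed
        String consumerSecret = "constructed-consumer-secret"; // constructed

        String raw = decodeForm(body).get("oauth_token_secret");
        String trimmed = decodeForm(body.trim()).get("oauth_token_secret");
        System.out.println("raw secret ends with newline:     " + raw.endsWith("\n"));
        System.out.println("trimmed secret ends with newline: " + trimmed.endsWith("\n"));
        System.out.println("signature (raw secret):     " + sign(base, consumerSecret, raw));
        System.out.println("signature (trimmed secret): " + sign(base, consumerSecret, trimmed));

        // A newline that is real data arrives as %0A and survives trimming the raw form.
        String kept = decodeForm("oauth_token_secret=abc%0A\n".trim()).get("oauth_token_secret");
        System.out.println("encoded newline preserved:  " + kept.equals("abc\n"));
    }
}
```

The two signatures differ because the stray newline becomes part of the HMAC key, which is why the service provider rejects the request even though every visible parameter looks correct.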

GoogleCodeExporter commented 9 years ago
Seems like a good idea.  A newline that's part of the data should be encoded as 
%0A.

Original comment by jmkrist...@gmail.com on 12 Nov 2008 at 4:14

GoogleCodeExporter commented 9 years ago
Fixed in -r738.

Original comment by jmkrist...@gmail.com on 13 Nov 2008 at 5:11

GoogleCodeExporter commented 9 years ago

Verified!  I tested the code against Yahoo Fire Eagle and against Plaxo Portable
Contacts.

Thanks for the quick fix!  

Original comment by sean%sea...@gtempaccount.com on 13 Nov 2008 at 8:55

GoogleCodeExporter commented 9 years ago

Original comment by jmkrist...@gmail.com on 13 Nov 2008 at 8:58