search

surjit / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

Python OAuth client library glitch #81

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
There is a glitch with the python client library example. Perhaps I am
using it incorrectly. Here is what I have found:

When requesting a request token from a server, the full uri is not being
appended as shown below:

Method, URI, Header information.
GET /request_token {'Authorization': 'OAuth realm="",
oauth_nonce="74554838", oauth_timestamp="1233887795",
oauth_consumer_key="CbTeysg%2FNLC2F434240301",
oauth_signature_method="HMAC-SHA1", oauth_version="1.0",
oauth_signature="CbTeysg%2FNLCGOc5d84lIcOgARj4%3D"'}
oauth_problem="signature_invalid" <-- notice invalid signature b/c of this

So I added the attached patch to add a build_absolute_uri method

now I send this through and all seems to work:

Method, url, header information.
GET http://www.someurl.com/request_token {'Authorization': 'OAuth realm="",
oauth_nonce="90125902", oauth_timestamp="1233887983",
oauth_consumer_key="CbTeysg%2FNLC2F434240301",
oauth_signature_method="HMAC-SHA1", oauth_version="1.0",
oauth_signature="HVVEdI5Klb174HRcb0Ghf%2Bir0fg%3D"'}

I would like to see more testing done on this. Perhaps I am doing something
wrong. I have tested this on 2 networks and found this to be the problem.

Original issue reported on code.google.com by macmicha...@gmail.com on 6 Feb 2009 at 3:27

Attachments:

GoogleCodeExporter commented 9 years ago 
Is that a patch for django-forum/admin.py ?  Doesn't appear to be related to the
OAuth client.

Original comment by rwilli...@gmail.com on 12 Feb 2009 at 12:20

GoogleCodeExporter commented 9 years ago 
My Apologies. Here is the correct patch.

Original comment by macmicha...@gmail.com on 12 Feb 2009 at 11:03

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by leah.culver on 17 Feb 2009 at 8:36

GoogleCodeExporter commented 9 years ago 
The SimpleOAuthClient is really an example and not meant to be used in 
production.
You can easily override oauth.OAuthClient to work better with relative urls 
(like
Django's request.path). If you're working with Django I would recomment 
checking out
django-oauth: http://code.welldev.org/django-oauth/wiki/Home

Hope that helps!

Original comment by leah.culver on 18 Feb 2009 at 12:08

GoogleCodeExporter commented 9 years ago 
Good Point. The link that you sent me on David's Django-oauth (great project) 
is not
intended for the client side usage. Its purposed as described is to create an 
api
system that would allow for other developers to tie into given protected 
resources. I
am actually using this right now on a couple of projects that I have worked on 
and is
working out great. However, I would like to see a generic library that would 
work
across the board. If the server-sided portion of OAuth is implemented 
correctly, then
a generic client library should not be an issue. Any reason why this would not 
work?
I think I will start a project for this.

Original comment by macmicha...@gmail.com on 23 Feb 2009 at 12:16