Closed GoogleCodeExporter closed 9 years ago
In -r761 I added a similar method getAuthorizationHeader. It expects the
caller to
provide a complete set of parameters, and returns the header value. Example
usage:
var message = {action: ..., method: ..., parameters: []};
OAuth.setTimestampAndNonce(message);
OAuth.SignatureMethod.sign(message);
var header = "Authorization: " + OAuth.getAuthorizationHeader("realm",
message.parameters);
Original comment by jmkrist...@gmail.com
on 14 Nov 2008 at 8:41
Thank you very much, I'll see if it fits and how.
Original comment by yoan.blanc
on 14 Nov 2008 at 8:48
Oops, I bungled my first attempt. -r762 should be better.
Original comment by jmkrist...@gmail.com
on 14 Nov 2008 at 10:05
-r763 adds a unit test and fixes more bugs.
Original comment by jmkrist...@gmail.com
on 16 Nov 2008 at 8:06
This bug has to be reopen as it's not fixed.
The new interface:
// action, method, parameters
OAuth.setTimestampAndNonce(message);
// consumerKey, consumerSecret, token, tokenSecret
OAuth.SignatureMethod.sign(message, accessor);
var header = OAuth.getAuthorizationHeader(realm, message);
And it's known to work ;-)
Changelog:
- I added back (again) the oauth_version,
- the token has to appear in the HTTP header but not in the baseString if empty.
One question, why setParameters, getParameters... ?
Original comment by yoan.blanc
on 19 Nov 2008 at 3:51
Attachments:
Original comment by jmkrist...@gmail.com
on 19 Nov 2008 at 6:07
-r764 is more useful, I hope.
Original comment by jmkrist...@gmail.com
on 19 Nov 2008 at 7:08
What about this important part:
+ if(!OAuth.getParameter(message, "oauth_token")) {
+ OAuth.setParameter(message, "oauth_token", "");
+ }
seen there:
http://code.google.com/p/oauth/source/browse/code/csharp/OAuthBase.cs#213
The spec says to only remove realm and oauth_signature but not oauth_token if
empty.
http://oauth.net/core/1.0/#anchor14
Cheers,
Original comment by yoan.blanc
on 19 Nov 2008 at 7:39
Here an Opera widget that connect to Google Calendar using OAuth. Widgets are
free
to do cross-domain stuff.
It contains a patch, with two things, very small, the second one applies to
Google
only, it's oAuth+Google...
// in: getAuthorizationHeader(
- if (name.indexOf("oauth_") == 0) {
+ // Scope is a google thing...
+ if (name.indexOf("oauth_") == 0 || name === "scope") {
What to do with that?
Cheers,
with is not t
Original comment by yoan.blanc
on 19 Nov 2008 at 11:20
Attachments:
Yet another patch, to deal with the "oauth_token" thing, the service uses the C#
library so maybe the mistake is there.
* baseString: should not contain oauth_token if empty
* http header: contains oauth_token even empty
--
Yoan
Original comment by yoan.blanc
on 20 Nov 2008 at 10:00
Attachments:
Yes, the C# library is wrong. I recommend you add oauth_token="" to the header
in
your application code, not the oauth.js library.
After some discussion, I think we arrived at a satisfactory oauth.js -r809. It
produces an Authorization header that contains only parameters whose names
begin
with 'oauth_'; that excludes 'scope'.
Original comment by jmkrist...@gmail.com
on 26 Nov 2008 at 9:50
Thanks for you work John!
Original comment by yoan.blanc
on 26 Nov 2008 at 10:30
Original issue reported on code.google.com by
yoan.blanc
on 14 Nov 2008 at 1:25Attachments: