server enhancement, accepted signature methods

[GoogleCodeExporter]

A service provider should be able to set the accepted signature methods.
For example I would like to accept PLAINTEXT only for SSL encrypted requests.

proposal:
extend OAuthRequestVerifier with a method
OAuthRequestVerifier->setAcceptedSignatureMethod() taking an array of
strings (the signature methods), saving this in a class variable. if null
is passed all supported methods are accepted and there is no filtering.

OAuthRequestVerifier->verify should check this value and filter the request
signature method and throw an error (just like how it is node in
OAuthRequest for available methods).

alternatively the opposite could be done and a ->setDeniedSignatureMethod()
added and filtering upon that.

-ueli

Original issue reported on code.google.com by uwe...@gmail.com on 17 Jul 2008 at 3:03

[GoogleCodeExporter]

comment to clear up the nature of this post: this is not a bug, it's just a
low-priority enhancement. Service Provider implementers can access
$r->getParam('oauth_signature_method') and filter the signature method 
themselves,
after initialization. 

Original comment by uwe...@gmail.com on 17 Jul 2008 at 3:19

[GoogleCodeExporter]

Sorry to react so late :-)   I didn't forget about your enhancement.  I like 
the idea to prevent PLAINTEXT with non 
SSL connections, makes a lot of sense.  I will check with scherpenisse about 
your suggestion and a possible way 
to do this.

Original comment by ma...@pobox.com on 25 Jan 2009 at 11:24

• Changed state: Accepted

[GoogleCodeExporter]

Fixed in SVN.

Original comment by brunobg%...@gtempaccount.com on 12 Jan 2010 at 7:19

• Changed state: Fixed
• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

This issue was closed by revision r69.

Original comment by brunobg%...@gtempaccount.com on 12 Jan 2010 at 7:19