xiaoxiwu / oauth-dot-net

Automatically exported from code.google.com/p/oauth-dot-net
0 stars 0 forks source link

Plaintext is broke #11

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
When smoke testing with the EchoService, I wanted to test out the Plaintext 
provider however it does not work.  I was able to figure out how to wire in 
the plaintext provider into the EchoService.  

The problem lies in the PlaintextSigningProvider.cs and the CheckSignature 
method.  The variable expectedSignature is Rfc3986 encoded while the 
variable actualSignature is Rfc3986 decoded resulting in the expected and 
actual signature never matching.  The solution is to comment out 
actualSignature creation and assignment and replace the last line with return 
expectedSignature == signature;.

Maybe I'm missing something? Seems to work like a charm though!  :)

Original issue reported on code.google.com by jjo...@iupui.edu on 29 Dec 2008 at 6:59

GoogleCodeExporter commented 8 years ago
Confirmed and implemented fix as requested in trunk.

Original comment by chris.s....@gmail.com on 30 Jan 2009 at 2:02

GoogleCodeExporter commented 8 years ago
Is there not an identical issue with HmacSha1SigningProvider.cs? I am seeing 
frequent mismatches there as well and it still is using 
Rfc3986.Decode(signature).

Original comment by billyz...@yahoo.com on 16 Jul 2009 at 8:35

GoogleCodeExporter commented 8 years ago
Hi Billy thanks for getting in contact.  Can you provide some examples of the
parameters that are causing mismatches with the Hmac signature.

Original comment by chris.s....@gmail.com on 17 Jul 2009 at 8:12