yahya800 / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

Empty oauth parameter is being stripped out, yielding broken signatures #143

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Send an oauth_token parameter with no value in a GET request and try to 
generate a sig

What is the expected output? What do you see instead?
Expected output is the correct hash, instead I get an incorrect hash 
generated using only a partial parameter set.

Please use labels and text to provide additional information.
This line strips out keys with no values.
parameters = cgi.parse_qs(param_str, keep_blank_values=False)

According to the spec at http://oauth.net/core/1.0/#anchor14 blank values 
are to be preserved when constructing the normalized query string.

What is the reason for keep_blank_values=False? Changing this to True fixed 
all the issues we were having. 

Original issue reported on code.google.com by dieselma...@gmail.com on 27 Jan 2010 at 11:31

GoogleCodeExporter commented 9 years ago
By the way, this is for the Python implementation, sorry for omitting that.

Original comment by dieselma...@gmail.com on 27 Jan 2010 at 11:34

GoogleCodeExporter commented 9 years ago
I have a github repository with the necessary patch:

http://github.com/malept/python-oauth

Original comment by mal...@gmail.com on 28 Jan 2010 at 7:53

GoogleCodeExporter commented 9 years ago

Original comment by morten.f...@gmail.com on 1 Mar 2010 at 7:12