Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth1 signature does not follow OAuth1 spec #64

Open
AlexC opened this issue May 21, 2015 · 2 comments
Open

OAuth1 signature does not follow OAuth1 spec #64

AlexC opened this issue May 21, 2015 · 2 comments

Comments

@AlexC
Copy link
Contributor

AlexC commented May 21, 2015

The way WP-API/OAuth1 constructs the OAuth1 signature does not conform to the OAuth1 specification, making it impossible to use WP-API with this OAuth1 plugin.

For example, the parameter key and value should be rawurlencode() separately, not after the entire string has been constructed (as this'll encode "=" to "%3D"). The same goes for multidimensional arrays, it should not use [ or ] but the encoded version. The separator of these parameters should also not be encoded (at this stage).

The final string to sign ($string_to_sign) should now rawurlencode() the request URI and query string (the parameters).

Pull request to follow
@romuloctba
Copy link

Alex, this is what i thought.
I guess i didnt look that hard, or hadnt enough knowleadge to find, point
and fix the problem, thou..... I was indeed already thnkink i was guilty
for not signing correctly my requests....

Ive been waiting for this so long, i cant believe it.is happening.

Thank you, sire.
You like a cyber knight, that comes running to rescue the cyber villagers.

Thank...
You....
(ok, i may be overreacting a bit. But still, thank you)
Em 21/05/2015 08:09, "Alex Cartwright" [email protected] escreveu:

The way WP-API/OAuth1 constructs the OAuth1 signature does not conform to
the OAuth1 specification, making it impossible to use WP-API with this
OAuth1 plugin.

For example, the parameter key and value should be rawurlencode()
separately, not after the entire string has been constructed (as this'll
encode "=" to "%3D"). The same goes for multidimensional arrays, it should
not use [ or ] but the encoded version. The separator of these parameters
should also not be encoded (at this stage).

The final string to sign ($string_to_sign) should now rawurlencode() the
request URI and query string (the parameters).

Pull request to follow


Reply to this email directly or view it on GitHub
#64.

@AlexC
Copy link
Contributor Author

AlexC commented May 21, 2015

Haha, you're most welcome! See #65 for the pull request. I've not tested it with multi dimensional arrays, though from what I understand of the spec it should work. But at least this plugin is now usable!

@coderkevin coderkevin mentioned this issue Nov 6, 2015
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AlexC @romuloctba