Fixes for Flickr OAuth implementation. #22

Merged
merged 2 commits into from Mar 5, 2013

Conversation

Projects
None yet
4 participants
Contributor

lxcid commented Feb 10, 2013

:)

In Flickr OAuth implementation, 'oauth_token_secret' key is returned after 'oauth/request_token' request. The key is needed for signing 'oauth/access_token' request later and this commit attempts to fix it.

The current AFOAuth1Client implementation only assign accessToken after 'oauth/access_token' request. This may work for Twitter, but this will not work for Flickr.
The signing method looks for accessToken when attempting to build the secret key needed, so we had to wrap the following logic by temporary assigning accessToken with requestToken to trick the signing method to sign with the correct key.
After making this change, I ran the sample code and it seems to work well for twitter as well.

Flickr OAuth implementation are done through GET parameters instead of request header. Another fixed for Flickr OAuth implementation.

The URL are not built with the modified parameters (although its Authorization header is built with modified parameters).
This will not work for Flickr because its implementation depends on the query of the URL instead of the Authorization header.

Reference: http://www.flickr.com/services/api/auth.oauth.html

lxcid added some commits Feb 10, 2013

In Flickr OAuth implementation, 'oauth_token_secret' key is returned …
…after 'oauth/request_token' request. The key is needed for signing 'oauth/access_token' request later and this commit attempts to fix it.

The current AFOAuth1Client implementation only assign `accessToken` after 'oauth/access_token' request. This may work for Twitter, but this will not work for Flickr.
The signing method looks for `accessToken` when attempting to build the secret key needed, so we had to wrap the following logic by temporary assigning `accessToken` with `requestToken` to trick the signing method to sign with the correct key.
After making this change, I ran the sample code and it seems to work well for twitter as well.
Flickr OAuth implementation are done through GET parameters instead o…
…f request header. Another fixed for Flickr OAuth implementation.

The URL are not built with the modified parameters (although its Authorization header is built with modified parameters).
This will not work for Flickr because its implementation depends on the query of the URL instead of the Authorization header.

Reference: http://www.flickr.com/services/api/auth.oauth.html

dlackty commented Mar 3, 2013

@lxcid Thanks for this fix. I can verify this.
We implement a same fix for Plurk (Another OAuth service provider) after debugging for hours.

Several bug reports indicates that this is a general issues (e.g. Tumblr #15 / LinkedIn #17), and it seems like that Twitter is a special case that accepts signature signed without request token.

iamcam commented Mar 5, 2013

I can confirm this seems to work when attempting to auth Tumblr, but the only required line was number 308.

@mattt , can you take a look at accepting the pull request?

Thanks!

mattt added a commit that referenced this pull request Mar 5, 2013

Merge pull request #22 from lxcid/master
Fixes for Flickr OAuth implementation.

@mattt mattt merged commit 27b32cd into AFNetworking:master Mar 5, 2013

Contributor

mattt commented Mar 5, 2013

Thanks for the patch, @lxcid. Great work as usual :)

Apologies to everyone else for taking so long to merge this in. I'm going through all of the open pull requests now, and will tag a new release once I'm finished.

@mattt mattt referenced this pull request Mar 5, 2013

Closed

Tumblr OAuth 1.0a #15

iamcam commented Mar 6, 2013

Works like a charm!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment