Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Add flag to disable signing multipart data with OAuth #30

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
3 participants
Contributor

shir commented Mar 7, 2013

Some servers expect what multipart data will be not included in OAuth
signature and signing it will cause authentication error.

Contributor

seivan commented Mar 28, 2013

Could you give an example on what would those be?
I took it all authenticated requests needed to be signed.

Contributor

shir commented Apr 2, 2013

For example rails library oauth-plugin expects what multipart params will be not included in oauth signature.

Contributor

mattt commented May 7, 2013

Thanks for the pull request, @shir. Some thoughts:

If it's the case that a particular server implements OAuth 1 with this quirk, then I'd say that it's up to the developer to subclass and override as necessary.

However, if there's anything in the OAuth 1 spec that calls for this behavior, then it should be default, without the property.

If you have the time, I'd be interested to know if the / any OAuth 1 specs mention this behavior. If so, please feel free to send a pull request with nil parameters being used to calculate the Authorization header on multipart requests. Thanks!

@mattt mattt closed this May 7, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment