Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Add flag to disable signing multipart data with OAuth #30

Closed
wants to merge 1 commit into from

3 participants

@shir

Some servers expect what multipart data will be not included in OAuth
signature and signing it will cause authentication error.

@seivan

Could you give an example on what would those be?
I took it all authenticated requests needed to be signed.

@shir

For example rails library oauth-plugin expects what multipart params will be not included in oauth signature.

@mattt

Thanks for the pull request, @shir. Some thoughts:

If it's the case that a particular server implements OAuth 1 with this quirk, then I'd say that it's up to the developer to subclass and override as necessary.

However, if there's anything in the OAuth 1 spec that calls for this behavior, then it should be default, without the property.

If you have the time, I'd be interested to know if the / any OAuth 1 specs mention this behavior. If so, please feel free to send a pull request with nil parameters being used to calculate the Authorization header on multipart requests. Thanks!

@mattt mattt closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 7, 2013
  1. @shir
This page is out of date. Refresh to see the latest.
View
7 AFOAuth1Client/AFOAuth1Client.h
@@ -57,6 +57,13 @@ typedef enum {
*/
@property (nonatomic, strong) NSString *oauthAccessMethod;
+/** Disable including multipart data in OAuth signature.
+
+ Some servers expect what multipart data will be not included in OAuth
+ signature and signing it will cause authentication error.
+ */
+@property (nonatomic, assign, getter = isDisabledMultipartDataInOauth) BOOL disableMultipartDataInOauth;
+
///---------------------
/// @name Initialization
///---------------------
View
9 AFOAuth1Client/AFOAuth1Client.m
@@ -362,9 +362,12 @@ - (NSMutableURLRequest *)multipartFormRequestWithMethod:(NSString *)method
constructingBodyWithBlock:(void (^)(id <AFMultipartFormData> formData))block
{
NSMutableURLRequest *request = [super multipartFormRequestWithMethod:method path:path parameters:parameters constructingBodyWithBlock:block];
- [request setValue:[self authorizationHeaderForMethod:method path:path parameters:parameters] forHTTPHeaderField:@"Authorization"];
- [request setHTTPShouldHandleCookies:NO];
-
+
+ if (!self.isDisabledMultipartDataInOauth) {
+ [request setValue:[self authorizationHeaderForMethod:method path:path parameters:parameters] forHTTPHeaderField:@"Authorization"];
+ [request setHTTPShouldHandleCookies:NO];
+ }
+
return request;
}
Something went wrong with that request. Please try again.