Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

fix for (null) at the end of the signing key #4

Merged
merged 2 commits into from

2 participants

@ahfarmer

Here is a fix for scenarios in which there is no auth token secret. For instance in step 1 of reverse auth. Prior to this fix the signing key had '(null)' appended to the end and the signature was invalid every time.

All this fix does is use the empty string for the auth token secret when one exists, instead of using '(null)'.

Thanks!
Andrew

Andrew Farmer added some commits
Andrew Farmer fix for scenarios in which there is no auth token secret. For instanc…
…e in step 1 of reverse auth. Prior to this fix the signing key had '(null)' appended to the end and the signature was invalid every time
e499a07
Andrew Farmer added an oauth authorization header generator that takes into account…
… the 'oauth_callback' parameter
b01d73d
@atebits atebits merged commit 72262d4 into from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 17, 2013
  1. fix for scenarios in which there is no auth token secret. For instanc…

    Andrew Farmer authored
    …e in step 1 of reverse auth. Prior to this fix the signing key had '(null)' appended to the end and the signature was invalid every time
  2. added an oauth authorization header generator that takes into account…

    Andrew Farmer authored
    … the 'oauth_callback' parameter
This page is out of date. Refresh to see the latest.
Showing with 19 additions and 4 deletions.
  1. +10 −1 OAuthCore.h
  2. +9 −3 OAuthCore.m
View
11 OAuthCore.h
@@ -7,10 +7,19 @@
#import <Foundation/Foundation.h>
-extern NSString *OAuthorizationHeader(NSURL *url,
+extern NSString *OAuthorizationHeader(NSURL *url,
NSString *method,
NSData *body,
NSString *_oAuthConsumerKey,
NSString *_oAuthConsumerSecret,
NSString *_oAuthToken,
NSString *_oAuthTokenSecret);
+
+extern NSString *OAuthorizationHeaderWithCallback(NSURL *url,
+ NSString *method,
+ NSData *body,
+ NSString *_oAuthConsumerKey,
+ NSString *_oAuthConsumerSecret,
+ NSString *_oAuthToken,
+ NSString *_oAuthTokenSecret,
+ NSString *_oAuthCallback);
View
12 OAuthCore.m
@@ -27,7 +27,11 @@ static NSInteger SortParameter(NSString *key1, NSString *key2, void *context) {
return [NSData dataWithBytes:buf length:CC_SHA1_DIGEST_LENGTH];
}
-NSString *OAuthorizationHeader(NSURL *url, NSString *method, NSData *body, NSString *_oAuthConsumerKey, NSString *_oAuthConsumerSecret, NSString *_oAuthToken, NSString *_oAuthTokenSecret)
+NSString *OAuthorizationHeader(NSURL *url, NSString *method, NSData *body, NSString *_oAuthConsumerKey, NSString *_oAuthConsumerSecret, NSString *_oAuthToken, NSString *_oAuthTokenSecret) {
+ return OAuthorizationHeaderWithCallback(url, method, body, _oAuthConsumerKey, _oAuthConsumerSecret, _oAuthToken, _oAuthTokenSecret, nil);
+}
+
+NSString *OAuthorizationHeaderWithCallback(NSURL *url, NSString *method, NSData *body, NSString *_oAuthConsumerKey, NSString *_oAuthConsumerSecret, NSString *_oAuthToken, NSString *_oAuthTokenSecret, NSString *_oAuthCallback)
{
NSString *_oAuthNonce = [NSString ab_GUID];
NSString *_oAuthTimestamp = [NSString stringWithFormat:@"%d", (int)[[NSDate date] timeIntervalSince1970]];
@@ -42,7 +46,9 @@ static NSInteger SortParameter(NSString *key1, NSString *key2, void *context) {
[oAuthAuthorizationParameters setObject:_oAuthConsumerKey forKey:@"oauth_consumer_key"];
if(_oAuthToken)
[oAuthAuthorizationParameters setObject:_oAuthToken forKey:@"oauth_token"];
-
+ if (_oAuthCallback)
+ [oAuthAuthorizationParameters setObject:_oAuthCallback forKey:@"oauth_callback"];
+
// get query and body parameters
NSDictionary *additionalQueryParameters = [NSURL ab_parseURLQueryString:[url query]];
NSDictionary *additionalBodyParameters = nil;
@@ -87,7 +93,7 @@ static NSInteger SortParameter(NSString *key1, NSString *key2, void *context) {
NSString *key = [NSString stringWithFormat:@"%@&%@",
[_oAuthConsumerSecret ab_RFC3986EncodedString],
- [_oAuthTokenSecret ab_RFC3986EncodedString]];
+ [_oAuthTokenSecret ab_RFC3986EncodedString] ?: @""];
NSData *signature = HMAC_SHA1(signatureBaseString, key);
NSString *base64Signature = [signature base64EncodedString];
Something went wrong with that request. Please try again.