Permalink
Browse files

inside oauth.hmacsign: running rfc3986 on base_uri instead of just en…

…codeURIComponent.

Essentially, all I've really changed in terms of output is that the base_uri is
encoded with the rfc3986 function before being included in the sha1 base. I was
getting 401 errors with the LinkedIn API because my signatures were wrong when
I used [field selectors](https://developer.linkedin.com/documents/field-selectors)
in an api call.
  • Loading branch information...
1 parent 4a81507 commit 590452d6569e68e480d4f40b88022f1b81914ad6 Jeff Marshall committed Nov 5, 2012
Showing with 21 additions and 13 deletions.
  1. +21 −13 oauth.js
View
34 oauth.js
@@ -16,19 +16,27 @@ function rfc3986 (str) {
;
}
-function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret, body) {
- // adapted from https://dev.twitter.com/docs/auth/oauth
- var base =
- (httpMethod || 'GET') + "&" +
- encodeURIComponent( base_uri ) + "&" +
- Object.keys(params).sort().map(function (i) {
- // big WTF here with the escape + encoding but it's what twitter wants
- return escape(rfc3986(i)) + "%3D" + escape(rfc3986(params[i]))
- }).join("%26")
- var key = encodeURIComponent(consumer_secret) + '&'
- if (token_secret) key += encodeURIComponent(token_secret)
- return sha1(key, base)
+function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret) {
+ // adapted from https://dev.twitter.com/docs/auth/oauth and
+ // https://dev.twitter.com/docs/auth/creating-signature
+
+ var querystring = Object.keys(params).sort().map(function(key){
+ return key +"="+ params[key];
+ }).join('&');
+
+ var base = [
+ httpMethod ? httpMethod.toUpperCase : 'GET',
+ rfc3986(base_uri),
+ rfc3986(querystring),
+ ].join('&');
+
+ var key = [
+ consumer_secret,
+ token_secret || ''
+ ].map(rfc3986).join('&');
+
+ return sha1(key, base);
}
exports.hmacsign = hmacsign
-exports.rfc3986 = rfc3986
+exports.rfc3986 = rfc3986

0 comments on commit 590452d

Please sign in to comment.