Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Add oauth_body_hash #110

Closed
wants to merge 2 commits into
from

Conversation

Projects
None yet
3 participants
Owner

joestump commented Jul 29, 2015

@webjunkie thanks for the PR! @jaitaiwan can you take a look?

@joestump joestump commented on the diff Jul 29, 2015

oauth2/__init__.py
@@ -695,8 +707,9 @@ class Server(object):
version = OAUTH_VERSION
signature_methods = None
- def __init__(self, signature_methods=None):
+ def __init__(self, signature_methods=None, body_hashing=False):
@joestump

joestump Jul 29, 2015

Owner

Can we make this check_body_hashing? Or verify_body_hash?

Collaborator

jaitaiwan commented Jul 29, 2015

Is this the same issue as #138? If so, the body should always be hashed even if empty according to spec...

Owner

joestump commented Aug 2, 2015

@jaitaiwan that's true, but I don't think body hashing itself is part of the OAuth specification. In other words, if you implement it you need to do this, but the providers don't have to implement body hashing. At least that's how I've understood this PR.

@webjunkie webjunkie closed this Sep 20, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment