I'm not sure which library is at fault as I'm not sure what the specification is :-)
I'm trying to use the PHP version as a client and https://github.com/willdurand/BazingaOAuthServerBundle as the server. The problem I'm running into is the server is rejecting the client's call to request token because of an invalid signature. What I found is that this library is double encoding oauth_callback when included as a parameter.
So what the server expects as http%3A%2F%2F, it is receiving http%253A%252F%252F
In the PHP version, it is encoding the parameters in _normalizedParameters() then again when generating the sbs in _generateSignature(). The server creates the normalizedParameters without encoding then encodes the entire base string so that parameters are not double encoded.
Which is in the wrong? :-)
Thanks!
Alan
Just as an FYI, I fixed it to be compatible with the server by removing the _oauthEscape calls in _normalizedParameters() so that it's only encoded once via _generateSignature().
Huh, weird. I'm surprised that more end points haven't complained about that. It could well be that there are more than a few broken OAuth server libs out there, too.
Parameters should be normalized just once, so there's definitely a bug, thanks! If you want to submit a PR, go ahead, or I'll just update the various versions.
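Added reference example, not part of the thread and not code from either library: the signature base string as RFC 5849 sections 3.4.1.1 and 3.4.1.3.2 define it, where each parameter name and value is percent-encoded before sorting and the joined string is percent-encoded again, so the `://` of an oauth_callback value appears as `%253A%252F%252F` in the base string. The function names, keys, secrets and URLs are hypothetical; the `$encodeEach = false` path reproduces the single-pass construction described above for comparison.

```php
<?php
// Added example; every key, secret, nonce and URL here is constructed.

// RFC 5849 section 3.6 encoding: all bytes except A-Z a-z 0-9 - . _ ~ are escaped.
function oauth_encode(string $s): string {
    return rawurlencode($s);
}

// Section 3.4.1.3.2. $encodeEach = false gives the single-pass variant from the
// thread (pairs joined raw, encoded only once as part of the whole base string).
function normalize_parameters(array $params, bool $encodeEach = true): string {
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = $encodeEach
            ? [oauth_encode((string) $name), oauth_encode((string) $value)]
            : [(string) $name, (string) $value];
    }
    // Sort by name, then by value, in ascending byte order.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    return implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
}

// Section 3.4.1.1: METHOD & encode(base URI) & encode(normalized parameters).
function signature_base_string(string $method, string $uri, string $normalized): string {
    return strtoupper($method) . '&' . oauth_encode($uri) . '&' . oauth_encode($normalized);
}

// Section 3.4.2: HMAC-SHA1, key = encode(consumer secret) & encode(token secret).
function hmac_sha1_signature(string $base, string $consumerSecret, string $tokenSecret = ''): string {
    $key = oauth_encode($consumerSecret) . '&' . oauth_encode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

$params = [
    'oauth_callback'         => 'http://client.example/cb',
    'oauth_consumer_key'     => 'constructed-key',
    'oauth_nonce'            => 'constructednonce',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1300000000',
];
$uri = 'https://server.example/oauth/request_token';

$twoPass = signature_base_string('POST', $uri, normalize_parameters($params, true));
$onePass = signature_base_string('POST', $uri, normalize_parameters($params, false));
$sigA = hmac_sha1_signature($twoPass, 'constructed-secret');
$sigB = hmac_sha1_signature($onePass, 'constructed-secret');

echo "RFC 5849 base string:\n$twoPass\n\nsingle-pass base string:\n$onePass\n\n";
// hash_equals() is the constant-time comparison a verifying server should use.
echo 'signatures match: ', var_export(hash_equals($sigA, $sigB), true), "\n";
```

Any value containing a reserved character (here the callback URL) makes the two base strings, and therefore the two signatures, differ, which a server reports as an invalid signature.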