Python: Oauth request Authorization header contains non-oauth prefixed params #31

Closed
GoogleCodeExporter opened this issue Mar 31, 2015 · 8 comments

Comments

@GoogleCodeExporter

From 5.4.1 (http://oauth.net/core/1.0/#auth_header)

The authorization header contains oauth protocol parameters. These are ones that start with "oauth_", but in the python libs, the oauth header ends up containing even query string params.

What steps will reproduce the problem?
1. Use client.py (official oauth example python code) to make a GET request with one query string param in the url
2. Set http headers to oauth_request.to_header() for self.connection.request(oauth_request.http_method, oauth_request.http_url, headers=oauth_request.to_header())
3. Run GET request, the authorization header has "sort=date" as well

What is the expected output? What do you see instead?
While verification does not fail, it can mess up frameworks (like grails) that auto-populate the query string/post vars. Even in PHP for example, you would no longer be able to use the $_GET or $_POST superglobals to access those extra params

What version of the product are you using? On what operating system?
OS X, Python 2.5, Oauth python lib, custom groovy/grails-based provider using Java libs

Patch provided. (One-liner!)

Original issue reported on code.google.com by ashish.t...@gmail.com on 10 Jul 2008 at 3:36

Attachments:

@GoogleCodeExporter

Original comment by andyster on 15 Jul 2008 at 11:17

  • Added labels: Lib-Python
  • Removed labels: ****

@GoogleCodeExporter

I ran into the same issue.

Original comment by naitiks@gmail.com on 5 Sep 2008 at 8:35

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter

I too ran into the same issue.. so had to find a way around... I had to use

del oauth_request.parameters[param] # url query param to be removed

before calling oauth_request.to_header()

Original comment by kunalmsh...@gmail.com on 30 Oct 2008 at 8:01

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter

I submitted a patch almost 4 months ago -- any status on whether this minute bug will be fixed or anything like that? Looks like others have faced the same issue and might be wasting time figuring out what the cause of this bug is.

Original comment by ashish.t...@gmail.com on 30 Oct 2008 at 8:17

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter

I ran into the same issue, and ended up coding almost the same patch (although a little bit uglier, like the php version). Any chance of being fixed?

Original comment by bzanc...@gmail.com on 4 Nov 2008 at 2:12

  • Added labels: ****
  • Removed labels: ****

Attachments:

@GoogleCodeExporter

Additionally, in order to use yahoo's yql webservice, I also had to modify the "to_url()" method. I'm not sure if this change breaks anything else..

Cumulative patch attached.

Original comment by bzanc...@gmail.com on 1 Dec 2008 at 4:18

  • Added labels: ****
  • Removed labels: ****

Attachments:

@GoogleCodeExporter

Original comment by leah.culver on 9 Jan 2009 at 12:30

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter

Thanks! This has been fixed. I'm not sure if the auth header should contain any
non-oauth params, so I hope nobody is expecting it to.

I'm not going to change the to_url() method. If this is a big problem, please file a new ticket... this should probably be only oauth params - not the other way around.

Thanks all.

Original comment by leah.culver on 14 Jan 2009 at 8:33

  • Changed state: Fixed
  • Added labels: ****
  • Removed labels: ****
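
The behaviour this thread asks for, as an added example that is not part of the original issue, its patches, or the library's code: only "oauth_"-prefixed parameters go into the Authorization header (OAuth Core 1.0 section 5.4.1), while the remaining parameters stay in the query string. The function names and the sample values are assumptions made for illustration.

```python
from urllib.parse import quote


def oauth_escape(value):
    # OAuth Core 1.0 parameter encoding: only ALPHA, DIGIT, '-', '.', '_', '~'
    # are left unescaped.
    return quote(str(value), safe="~")


def split_parameters(params):
    """Separate oauth_ protocol parameters from application parameters."""
    protocol = {k: v for k, v in params.items() if k.startswith("oauth_")}
    application = {k: v for k, v in params.items() if not k.startswith("oauth_")}
    return protocol, application


def build_authorization_header(params, realm=""):
    """Build the header from protocol parameters only (hypothetical helper).

    The signature still covers both sets of parameters; only the transport
    of the application parameters changes.
    """
    protocol, _ = split_parameters(params)
    parts = ['realm="%s"' % realm]
    parts += ['%s="%s"' % (oauth_escape(k), oauth_escape(v))
              for k, v in sorted(protocol.items())]
    return {"Authorization": "OAuth " + ", ".join(parts)}


def to_query_string(params):
    """Application parameters stay in the query string, where the provider's
    framework expects to find them."""
    _, application = split_parameters(params)
    return "&".join("%s=%s" % (oauth_escape(k), oauth_escape(v))
                    for k, v in sorted(application.items()))


# Constructed sample request: signed protocol parameters plus the
# "sort=date" query parameter from the report. All values are made up.
SAMPLE = {
    "oauth_consumer_key": "example-key",
    "oauth_nonce": "constructed-nonce",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_signature": "c2lnbmF0dXJl/+=",
    "oauth_timestamp": "1215660960",
    "oauth_version": "1.0",
    "sort": "date",
}

if __name__ == "__main__":
    print(build_authorization_header(SAMPLE)["Authorization"])
    print(to_query_string(SAMPLE))
```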
