include oauth_verifier as a header, not a parameter #1825

Merged
merged 1 commit into from Feb 13, 2014

@paulswartz
Contributor

paulswartz commented Feb 9, 2014

Per RFC 5849, the POST request for
the access token should not include a body, but instead include the
verifier as part of the "Authorization: OAuth" header. The current code
is broken for authentication against servers which verify the body of
the POST request (in particular, Fitbit has recently switched to this
verification).

include oauth_verifier as a header, not a parameter
Per [RFC 5849](http://tools.ietf.org/html/rfc5849), the POST request for
the access token should not include a body, but instead include the
verifier as part of the "Authorization: OAuth" header.  The current code
is broken for authentication against servers which verify the body of
the POST request (in particular, Fitbit has recently switched to this
verification).
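
The request shape this change describes, as an added example that is not part of the pull request or Meteor's code: a minimal OAuth 1.0 HMAC-SHA1 signer that puts `oauth_verifier` in the `Authorization: OAuth` header with an empty POST body, plus a simplified server-side check. All function names, the endpoint URL and the credential values are constructed for illustration.

```javascript
// Added example (not Meteor's code): OAuth 1.0 access-token request per RFC 5849.
const crypto = require('crypto');

// RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// HMAC-SHA1 over the signature base string (section 3.4.1). oauth_verifier is one
// of the signed parameters. Assumes a URL with no query string or explicit port.
function sign(method, url, params, consumerSecret, tokenSecret) {
  const normalized = Object.keys(params).sort()
    .map((k) => enc(k) + '=' + enc(params[k])).join('&');
  const base = [method.toUpperCase(), enc(url), enc(normalized)].join('&');
  const key = enc(consumerSecret) + '&' + enc(tokenSecret);
  return crypto.createHmac('sha1', key).update(base).digest('base64');
}

// Client side: every protocol parameter, verifier included, goes in the header
// and the POST body stays empty.
function buildAccessTokenRequest(o) {
  const params = {
    oauth_consumer_key: o.consumerKey, oauth_token: o.requestToken,
    oauth_signature_method: 'HMAC-SHA1', oauth_timestamp: String(o.timestamp),
    oauth_nonce: o.nonce, oauth_version: '1.0', oauth_verifier: o.verifier,
  };
  params.oauth_signature = sign('POST', o.url, params, o.consumerSecret, o.requestTokenSecret);
  const header = 'OAuth ' + Object.keys(params).sort()
    .map((k) => enc(k) + '="' + enc(params[k]) + '"').join(', ');
  return { method: 'POST', url: o.url, headers: { Authorization: header }, body: '' };
}

// Server side (simplified): parse the header, require a verifier, recompute the
// signature from the header parameters and compare in constant time.
function verifyAccessTokenRequest(req, consumerSecret, tokenSecret) {
  const params = {};
  const re = /([a-z_]+)="([^"]*)"/g;
  for (let m; (m = re.exec(req.headers.Authorization)) !== null;)
    params[decodeURIComponent(m[1])] = decodeURIComponent(m[2]);
  const sent = Buffer.from(params.oauth_signature || '', 'base64');
  delete params.oauth_signature;
  if (!params.oauth_verifier) return false;
  const expected = Buffer.from(sign(req.method, req.url, params, consumerSecret, tokenSecret), 'base64');
  return sent.length === expected.length && crypto.timingSafeEqual(sent, expected);
}

// Constructed sample values; none of these come from a real provider.
const SAMPLE = { url: 'https://provider.example/oauth/access_token', timestamp: 1392000000,
  consumerKey: 'constructed-key', consumerSecret: 'constructed-secret', nonce: 'constructed-nonce',
  requestToken: 'constructed-token', requestTokenSecret: 'constructed-token-secret',
  verifier: 'constructed-verifier' };
```

Because the verifier is covered by the signature, a server that recomputes it rejects a request whose verifier was changed or dropped after signing.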
@estark37

Contributor

estark37 commented Feb 10, 2014

Hi @paulswartz; I'm discussing this with the team and so far it looks to me like this is something we might want to take. In the meantime, would you be able to sign the Meteor CLA? https://contribute.meteor.com/

(We're supposed to have a bot that asks you to do this, but looks like our bot might be sickly right now.)

@paulswartz

Contributor

paulswartz commented Feb 10, 2014

@estark37 all set!

@estark37 estark37 merged commit d5b466e into meteor:devel Feb 13, 2014

1 check passed

default The author has signed the Meteor Contributor Agreement.
@estark37

Contributor

estark37 commented Feb 13, 2014

Thanks @paulswartz, merged!

@paulswartz paulswartz deleted the paulswartz:oauth_verifier_fix branch Feb 13, 2014

@paulswartz

Contributor

paulswartz commented Feb 13, 2014

Thank you!
