Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

include oauth_verifier as a header, not a parameter #1825

Merged
merged 1 commit into from Feb 13, 2014

Conversation

@paulswartz
Copy link
Contributor

@paulswartz paulswartz commented Feb 9, 2014

Per RFC 5849, the POST request for
the access token should not include a body, but instead include the
verifier as part of the "Authorization: OAuth" header. The current code
is broken for authentication against servers which verify the body of
the POST request (in particular, Fitbit has recently switched to this
verification).

Per [RFC 5849](http://tools.ietf.org/html/rfc5849), the POST request for
the access token should not include a body, but instead include the
verifier as part of the "Authorization: OAuth" header.  The current code
is broken for authentication against servers which verify the body of
the POST request (in particular, Fitbit has recently switched to this
verification).
@estark37
Copy link
Contributor

@estark37 estark37 commented Feb 10, 2014

Hi @paulswartz; I'm discussing this with the team and so far it looks to me like this is something we might want to take. In the meantime, would you be able to sign the Meteor CLA? https://contribute.meteor.com/

(We're supposed to have a bot that asks you to do this, but looks like our bot might be sickly right now.)

@paulswartz
Copy link
Contributor Author

@paulswartz paulswartz commented Feb 10, 2014

@estark37 all set!

@estark37 estark37 merged commit d5b466e into meteor:devel Feb 13, 2014
1 check passed
1 check passed
@apollo-cla
default The author has signed the Meteor Contributor Agreement.
Details
@estark37
Copy link
Contributor

@estark37 estark37 commented Feb 13, 2014

Thanks @paulswartz, merged!

@paulswartz paulswartz deleted the paulswartz:oauth_verifier_fix branch Feb 13, 2014
@paulswartz
Copy link
Contributor Author

@paulswartz paulswartz commented Feb 13, 2014

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants