Skip to content

Fix parameter encoding #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Dec 3, 2020
Merged

Fix parameter encoding #10

merged 4 commits into from
Dec 3, 2020

Conversation

@robertodoering
Copy link
Collaborator

@robertodoering robertodoering commented Nov 18, 2020

Hi @kaetemi,
there is an issue where some characters in the parameters don't get encoded properly, causing the oauth signature to be invalid.

This package uses the Uri.encodeComponent(param) to encode the params.
Uri.encodeComponent(param) encodes all characters except letters, numbers and -_.!~*'().
However the oauth1.0a specs define all characters except letters, numbers and -_.~ need to be percent-encoded (See https://oauth.net/core/1.0a/#encoding_parameters)

In this PR I simply replaced all occurrences of the characters that are not accounted for in Uri.encodeComponent(param) for with their percent encoded value.

I also added a changelog and raised the version number.

@robertodoering robertodoering mentioned this pull request Nov 18, 2020
Closed
@robertodoering
Copy link
Collaborator Author

robertodoering commented Dec 2, 2020

Hey @kaetemi, any plans to merge this?

@kaetemi
Copy link
Member

kaetemi commented Dec 2, 2020

Sorry, missed the PR mail. I'll check.

@kaetemi
Copy link
Member

kaetemi commented Dec 2, 2020

Looks OK, I'll merge it tomorrow.

Does that imply Uri.encodeComponent is not actually standards compliant?

@robertodoering
Copy link
Collaborator Author

robertodoering commented Dec 3, 2020

Thanks!
Uri.encodeComponent follows the RFC 2396 standard which specifies a set of characters to encode that differs from the RFC 3986 standard that oauth1 uses.
Basically oauth1 uses an older version of the URI standard and thus require some additional characters to be percent encoded.

@kaetemi
Copy link
Member

kaetemi commented Dec 3, 2020

Aha. Interesting. I wonder why, since that appears to be a very old draft of the same standard.

@kaetemi kaetemi merged commit 7af7241 into nbspou:fork/nbspou Dec 3, 2020
@kaetemi
Copy link
Member

kaetemi commented Dec 3, 2020

Pushed to pub, thanks! :)

@Mallikarjun7657 Mallikarjun7657 mentioned this pull request Dec 22, 2020
Open
@muccy muccy mentioned this pull request Jun 10, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@robertodoering @kaetemi