Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rails3 sample app does not work with oauth_token query param #2

Closed
wireframe opened this issue Apr 21, 2011 · 5 comments
Closed

rails3 sample app does not work with oauth_token query param #2

wireframe opened this issue Apr 21, 2011 · 5 comments

Comments

@wireframe
Copy link
Contributor

ex:
curl -v -XGET 'localhost:3000/me?oauth_token=VMhkQHqCeJ4IdMJaxF6SzQ=='
@nov
Copy link
Owner

nov commented Apr 21, 2011

Ah, sorry.

The Rack::OAuth2's README was wrong.
Actually, it support "The OAuth 2.0 Protocol: Bearer Tokens"'s draft 04 not 03.
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-04

The newest bearer token spec doesn't support "oauth_token" at all and use "bearer_token" instead.

@nov nov closed this as completed Apr 21, 2011
@wireframe
Copy link
Contributor Author

thanks for clarifying. i've been going though lots of oauth examples, and they were using the oauth_token param. according to the spec, the bearer_token should be supported as part of the query string. is this currently supported by the gem?
it does not appear to be accepted as a query param. ex:
curl -v -XGET 'http://localhost:3000/me?bearer_token=9NFyf9d2NM+jpfM0OBlCGw=='

but header and payload work fine. ex:
curl -v -XGET 'http://localhost:3000/me' -F bearer_token='9NFyf9d2NM+jpfM0OBlCGw=='
curl -v -XGET 'http://localhost:3000/me' -H 'Authorization: Bearer 9NFyf9d2NM+jpfM0OBlCGw=='

@nov
Copy link
Owner

nov commented Apr 21, 2011

Yes, bearer_token in query is supported.
You need to do URL encode for the value though.

@wireframe
Copy link
Contributor Author

Ah, perfect. that totally makes sense.

I realize that query param is not the preferred solution, and intended to
only use it during testing so it wasn't too big of a deal.

thanks again for the fast response!

On Thu, Apr 21, 2011 at 10:30 AM, nov <
reply@reply.github.com>wrote:

Yes, bearer_token in query is supported.
You need to do URL encode for the value though.

Reply to this email directly or view it on GitHub:
#2 (comment)

  • Ryan Sonnek
  • twitter: twitter.com/wireframe6464
  • phone: 949.351.7290

@nov
Copy link
Owner

nov commented Apr 21, 2011

No problem.

Since you use Ruby (= you can use HTTP header), I recommend you to use Authorization header anytime.
If you use Rack::OAuth2::AccessToken::Bearer, it always use the header.

nov

On Apr 22, 2011, at 1:17 AM, wireframereply@reply.github.com wrote:

Ah, perfect. that totally makes sense.

I realize that query param is not the preferred solution, and intended to
only use it during testing so it wasn't too big of a deal.

thanks again for the fast response!

On Thu, Apr 21, 2011 at 10:30 AM, nov <
reply@reply.github.com>wrote:

Yes, bearer_token in query is supported.
You need to do URL encode for the value though.

Reply to this email directly or view it on GitHub:
#2 (comment)

  • Ryan Sonnek
  • twitter: twitter.com/wireframe6464
  • phone: 949.351.7290

Reply to this email directly or view it on GitHub:
#2 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wireframe @nov