Permalink
Browse files

Fix for encoding signature when using PLAINTEXT

  • Loading branch information...
1 parent 99e6259 commit 4654edc121b73e9335a58d94f940afbc10af79e3 @redbugz committed Sep 18, 2011
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/oauth.js
View
@@ -189,11 +189,11 @@ exports.OAuth.prototype._createSignature= function(signatureBase, tokenSecret) {
if( tokenSecret === undefined ) var tokenSecret= "";
else tokenSecret= this._encodeData( tokenSecret );
// consumerSecret is already encoded
- var key= this._consumerSecret + "&" + tokenSecret;
+ var key= this._encodeData(this._consumerSecret) + "&" + this._encodeData(tokenSecret);
var hash= ""
if( this._signatureMethod == "PLAINTEXT" ) {
- hash= this._encodeData(key);
+ hash= key;
}
else {
if( crypto.Hmac ) {

2 comments on commit 4654edc

Thank you for this, however does this break the other signature methods though ? Would it be possible for you to add a test case to cover it ?

This bug hit me too. I saw double encoding of the signature when trying to get protected resources from Yammer. Applying this diff fixed the issue.

Please sign in to comment.