-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Brackets escaped wrong in OauthTools.UrlEncodeRelaxed #1104
Comments
I think encoding parenthesis is not required at all and may be should be removed? |
I see, it is double encoding |
In the latest version the output is |
I still think, that it should get encoded to "242%2520%252868-7802%2529-2191". If we are using "242%20%2868-7802%29-2191" the REST-API, which we are working with, will return an oauth invalid signature exception. I also did some more testing:
Therefore I changed the code to run the RFC3986 escaping before the Uri.EscapeDataString() call. Since then everything works fine and not a single exception occured. Other people had problems with this behaviour too: |
Can you explain how |
Have a look at https://developer.twitter.com/en/docs/basics/authentication/guides/creating-a-signature.html The UrlSegment is part of the request parameters and therefore also part of the signature base string, which is used to calculate the OAuth signature. A wrong calculated OAuth signature results in an unauthorized OAuth request. "Make sure to percent encode the parameter string! The signature base string should contain exactly 2 ampersand ‘&’ characters. The percent ‘%’ characters in the parameter string should be encoded as %25 in the signature base string." That means for example "(" should get first encoded to "%28" and "%" should then get encoded to "%25" resulting in "%2528". |
Expected Behavior
If adding an UrlSegment to a RestRequest with brackets "(" or ")":
OauthTools.UrlEncodeRelaxed(string value) should return:
"...242%2520%252868-7802%2529-2191"
Actual Behavior
Actual returned value is:
"...242%2520%2868-7802%29-2191"
This causes invalid oauth signatures.
Steps to Reproduce the Problem
Specifications
Workaround
When I change the code to run the for-loop in UrlEncodeRelaxed before doing the Uri escaping, I get the expected behavior.
The text was updated successfully, but these errors were encountered: