Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Always send oauth_version=1.0, even when using 1.0a.

This is required by the spec (http://oauth.net/core/1.0/#auth_step1).
Many providers (including Google and Twitter) allow a value of either
1.0 or 1.0a here, but e.g. LinkedIn requires 1.0.

Closes #236.
  • Loading branch information...
commit 6e00a75a95dce06a28af949915e0194e61b1898e 1 parent 227ca88
@bdarnell bdarnell authored
Showing with 4 additions and 4 deletions.
  1. +3 −3 tornado/auth.py
  2. +1 −1  tornado/test/auth_test.py
View
6 tornado/auth.py
@@ -367,7 +367,7 @@ def _oauth_request_token_url(self, callback_uri=None, extra_params=None):
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(binascii.b2a_hex(uuid.uuid4().bytes)),
- oauth_version=getattr(self, "_OAUTH_VERSION", "1.0a"),
+ oauth_version="1.0",
)
if getattr(self, "_OAUTH_VERSION", "1.0a") == "1.0a":
if callback_uri == "oob":
@@ -409,7 +409,7 @@ def _oauth_access_token_url(self, request_token):
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(binascii.b2a_hex(uuid.uuid4().bytes)),
- oauth_version=getattr(self, "_OAUTH_VERSION", "1.0a"),
+ oauth_version="1.0",
)
if "verifier" in request_token:
args["oauth_verifier"] = request_token["verifier"]
@@ -488,7 +488,7 @@ def _oauth_request_parameters(self, url, access_token, parameters={},
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(binascii.b2a_hex(uuid.uuid4().bytes)),
- oauth_version=getattr(self, "_OAUTH_VERSION", "1.0a"),
+ oauth_version="1.0",
)
args = {}
args.update(base_args)
View
2  tornado/test/auth_test.py
@@ -172,7 +172,7 @@ def get(self, screen_name):
assert 'oauth_signature' in self.request.arguments
assert self.get_argument('oauth_consumer_key') == 'test_twitter_consumer_key'
assert self.get_argument('oauth_signature_method') == 'HMAC-SHA1'
- assert self.get_argument('oauth_version') == '1.0a'
+ assert self.get_argument('oauth_version') == '1.0'
assert self.get_argument('oauth_token') == 'hjkl'
self.write(dict(screen_name=screen_name, name=screen_name.capitalize()))

0 comments on commit 6e00a75

Please sign in to comment.
Something went wrong with that request. Please try again.