OAuth 1.0: support URL form encoded parameters #1
Comments
wonderfly
added
type: feature request
|
From yan...@google.com on June 27, 2011 12:29:55 Labels: -Milestone-Version1.5.0 Milestone-Version1.6.0 |
|
From yan...@google.com on October 28, 2011 11:24:08 Labels: -Milestone-Version1.6.0 Milestone-Version1.7.0 |
|
From yan...@google.com on November 17, 2011 07:41:26 Labels: -Milestone-Version1.7.0 Milestone-Version1.8.0 |
|
From rishi.r....@gmail.com on January 17, 2012 13:50:27 Here's my stackoverflow question that Yaniv Inbar answered acknowledging the issue: http://stackoverflow.com/questions/8870670/using-google-api-java-client-on-android-a-post-request-does-not-seem-to-authent . I'm trying to change my Oauth client to pass app-specific data as application/json instead of application/x-www-urlencoded. I am mostly successful, with the exception that one of my HTTP requests (a specific API call into my App Engine app) fails - and only sometimes. |
|
From yan...@google.com on February 28, 2012 17:01:56 Labels: -Milestone-Version1.8.0 |
|
I've attached a quick hack to get OAuth1.0a working properly with POST method - some OAuth services use strict interpretation of spec and require oauth-signature to include POSTed parameters to be signed as well: /google-oauth-java-client/google-oauth-client/src/main/java/com/google/api/client/auth/oauth/OAuthParameters.java
82,86d80
< /**
< * Parameters that will be POSTed
< */
< public TreeMap<String,String> postParameters = null;
<
170,184d163
< }
< if(postParameters!=null){
< for (Map.Entry<String, String> entry : postParameters.entrySet()) {
< Object value = entry.getValue();
< if (value != null) {
< String name = entry.getKey();
< if (value instanceof Collection<?>) {
< for (Object repeatedValue : (Collection<?>) value) {
< putParameter(parameters, name, repeatedValue);
< }
< } else {
< putParameter(parameters, name, value);
< }
< }
< }Happy to contribute if you'd prefer. Cheers |
mattwhisenhunt
removed
the
priority: p1
From yan...@google.com on May 11, 2011 10:11:50
Copied from: https://code.google.com/p/google-api-java-client/issues/detail?id=95 Describe the problem.
Form encoded POST parameters are part of the signature base string and must be signed. Looking at OAuthAuthorizationHeaderIntercepter it is clear that the interceptor does not do this: it simply passes request method and URL to the OAuthParameters object. Consequently, the computed signature is wrong and the POST request fails.
This comes up when, e.g. tweeting using the Twitter API: their API expects a form encoded "status" parameter. GET requests using the OAuthAuthorizationHeaderIntercepter work fine.
How would you expect it to be fixed?
One possible fix would be to provide a second OAuthParameters#computeSignature that accepts a collection of additional parameters that form part of the signature base string. The OAuthAuthorizationHeaderIntercepter could then check the HttpRequest's method and in the case of a form encoded POST request pass the additional parameters to the #computeSignature method.
Comment 1 by project member yan...@google.com, Jan 8, 2011
Thanks for reporting this issue. This is actually a known limitation: http://javadoc.google-api-java-client.googlecode.com/hg/1.2.2-alpha/com/google/api/client/auth/oauth/package-summary.html But thanks for bringing it to my attention. We do want this OAuth library to work properly with the Twitter API.
Original issue: http://code.google.com/p/google-oauth-java-client/issues/detail?id=1
The text was updated successfully, but these errors were encountered: