python-oauth2 icon indicating copy to clipboard operation
python-oauth2 copied to clipboard

Published 20 hours ago verified publisher icon joestump

Properly identify the Authorization header's Realm part.

Open erikvanzijst opened this issue 11 years ago • 5 comments
trafficstars

This broke authentication whenever any of the oauth_ parameters contained the substring "realm" anywhere.

erikvanzijst avatar Jan 06 '14 22:01 erikvanzijst

Good catch; you have a regression test (or an example request I can build one with?).

joestump avatar Jul 29 '15 03:07 joestump

@joestump love his tests :+1: (so do I)

jaitaiwan avatar Jul 29 '15 11:07 jaitaiwan

This is a great fix. It turns out that if (for example) the oauth_signature contains "realm" in the hash, it wouldn't be included in the params, which would be a nasty bug to track down.

@erikvanzijst I created the test for this on https://github.com/erikvanzijst/python-oauth2/pull/2. After you review and merge I think this is good to go.

rickhanlonii avatar Jul 29 '15 17:07 rickhanlonii

Thanks @rickhanlonii you're a boss!

jaitaiwan avatar Jul 29 '15 21:07 jaitaiwan

I pulled this PR into a new fork: https://github.com/TimSC/python-oauth10a

TimSC avatar Jan 13 '18 23:01 TimSC