python-oauth2
python-oauth2 copied to clipboard
joestump
A fully tested, abstract interface to creating OAuth clients and servers.
According to http://oauth.net/core/1.0a/#rfc.section.9.1.2, URLs must be normalised before using for signatures. To fix it, it seems enough to change http://github.com/simplegeo/python-oauth2/blob/master/oauth2/__init__.py#LID292 to read: self.normalized_url = urlparse.urlunparse((scheme.lower(), netloc.lower(), path, None, None, None))...
Appears to require gmake rather than make, which I resolved by invoking via correct name (didn't see any hints to do this). The following: DEPS := $(shell find $(PWD)/deps -type...
get_normalized_parameters does not take into account the 2 legged OAuth with oauth params in the URL
hello, While tweaking around to get two legs OAuth working I realised that get_normalized_parameters in Request does not take into accoutn the case where the URL has oauth authentification GET...
The request() method in the Client class in oauth2/__init__py has this statement: is_multipart = method == 'POST' and headers.get('Content-Type', DEFAULT_CONTENT_TYPE) != DEFAULT_CONTENT_TYPE This means that content-types like "application/x-www-form-urlencoded; charset=utf-8" will...
When the http_url parameter is parsed to see if it contains any params, the paramsaren't removed from the url after being added to the parameters variable. Request.get_normalized_parameters() also parses the...
Integrated python-oauth2 with twisted framework. Twisted sets all headers names to lowercase while the oauth module expects uppercase 'Authorization'. Rather that a hack to revert the header before calling oauth...
Looks like this method doesn't really care if the timestamp is pointing to distant future. ``` def _check_timestamp(self, timestamp): """Verify that timestamp is recentish.""" timestamp = int(timestamp) now = int(time.time())...
The crux of the issue was reported at http://code.google.com/p/oauth/issues/detail?id=121. Basically the callback url that is generated does not include the token key - the consumer would have no idea which...
I am trying to do two legged authentication for a client and server (i am writing both). If you run the following code you will see that all entries are...
