OAuth1 signature does not follow OAuth1 spec

Open AlexC opened this issue 9 years ago • 2 comments

The way WP-API/OAuth1 constructs the OAuth1 signature does not conform to the OAuth1 specification, making it impossible to use WP-API with this OAuth1 plugin.

For example, the parameter key and value should be rawurlencode() separately, not after the entire string has been constructed (as this'll encode "=" to "%3D"). The same goes for multidimensional arrays, it should not use [ or ] but the encoded version. The separator of these parameters should also not be encoded (at this stage).

The final string to sign ($string_to_sign) should now rawurlencode() the request URI and query string (the parameters).

Pull request to follow

AlexC, May 21 '15 11:05
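The construction this issue describes, following RFC 5849 section 3.4.1, written out as an added example; it is not code from the plugin or from the pull request. The function names, URL, keys and secrets are constructed for illustration, and it assumes PHP 7.4+ and that the URL passed in is already the base URL without its query string.

```php
<?php
// Flatten nested arrays into ["key[sub]", value] pairs; brackets are still raw here.
function flatten_params(array $params, string $prefix = ''): array {
    $flat = [];
    foreach ($params as $key => $value) {
        $name = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            $flat = array_merge($flat, flatten_params($value, $name));
        } else {
            $flat[] = [$name, (string) $value];
        }
    }
    return $flat;
}

// Build the normalized parameter string (oauth_signature must not be in $params).
function normalize_params(array $params): string {
    $pairs = [];
    foreach (flatten_params($params) as [$name, $value]) {
        // Key and value are encoded separately: "[" becomes %5B, "=" in a value becomes %3D.
        $pairs[] = [rawurlencode($name), rawurlencode($value)];
    }
    // Sort by encoded name, then by encoded value, in byte order.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    // The "=" and "&" separators are added unencoded at this stage.
    return implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
}

// Only now are the URL and the whole parameter string encoded, once each.
function signature_base_string(string $method, string $url, array $params): string {
    return strtoupper($method) . '&' . rawurlencode($url)
        . '&' . rawurlencode(normalize_params($params));
}

function sign_hmac_sha1(string $base, string $consumer_secret, string $token_secret = ''): string {
    $key = rawurlencode($consumer_secret) . '&' . rawurlencode($token_secret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Constructed sample request with one nested parameter containing a space and "=".
$params = [
    'oauth_consumer_key'     => 'example-key',
    'oauth_nonce'            => 'abc123',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1432206300',
    'filter'                 => ['s' => 'a b=c'],
];
$base = signature_base_string('get', 'http://example.test/wp-json/posts', $params);
echo $base, "\n", sign_hmac_sha1($base, 'example-secret'), "\n";
```

In the printed base string the nested key appears double-encoded (`filter%255Bs%255D`), which is the expected result of encoding the key first and the whole parameter string afterwards.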

Alex, this is what I thought. I guess I didn't look that hard, or hadn't enough knowledge to find, point out and fix the problem, though... I was indeed already thinking I was guilty of not signing my requests correctly...

I've been waiting for this so long, I can't believe it is happening.

Thank you, sire. You are like a cyber knight that comes running to rescue the cyber villagers.

Thank... You.... (OK, I may be overreacting a bit. But still, thank you)

romuloctba, May 21 '15 11:05

Haha, you're most welcome! See https://github.com/WP-API/OAuth1/pull/65 for the pull request. I've not tested it with multi dimensional arrays, though from what I understand of the spec it should work. But at least this plugin is now usable!

AlexC, May 21 '15 11:05