oauth-1.0a icon indicating copy to clipboard operation
oauth-1.0a copied to clipboard

Published 20 hours ago verified publisher icon ddo

According to RFC5849 port number must be excluded from base string if it is the default

Open orontee opened this issue 8 years ago • 4 comments

3.4.1.2. Base String URI (...) 3. The port MUST be included if it is not the default port for the scheme, and MUST be excluded if it is the default. Specifically, the port MUST be excluded when making an HTTP request [RFC2616] to port 80 or when making an HTTPS request [RFC2818] to port 443. All other non-default port numbers MUST be included.

orontee avatar Sep 12 '17 23:09 orontee

you have issues with custom port (not 80 and 443) ?

ddo avatar Sep 13 '17 06:09 ddo

Since the default ports aren't stripped for the signature computation, the signature is wrong when the url co'tains ports

-- Matthias

Le 13 sept. 2017 08:51, "Ddo" [email protected] a écrit :

you have issues with custom port (not 80 and 443) ?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ddo/oauth-1.0a/issues/59#issuecomment-329075625, or mute the thread https://github.com/notifications/unsubscribe-auth/AB-GIk1Zb1NGyfmCV-qDCxS-vtZQuwvJks5sh3tlgaJpZM4PVZ4P .

orontee avatar Sep 13 '17 07:09 orontee

so if you input http://example.com:80 or https://example.com:443 it gonna be an issue?

ddo avatar Sep 13 '17 07:09 ddo

That's it.

-- Matthias

Le 13 sept. 2017 09:55, "Ddo" [email protected] a écrit :

so if you input http://example.com:80 or https://example.com:443 it gonna be an issue?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ddo/oauth-1.0a/issues/59#issuecomment-329088648, or mute the thread https://github.com/notifications/unsubscribe-auth/AB-GIuLCO-uzn2lkOPLqCS_CWBPMnyBeks5sh4pkgaJpZM4PVZ4P .

orontee avatar Sep 13 '17 15:09 orontee