requests-oauth icon indicating copy to clipboard operation
requests-oauth copied to clipboard

Published 20 hours ago verified publisher icon maraujop

Invalid signature generation with double encoding

Open justinfenn opened this issue 12 years ago • 2 comments

Using these settings, oauth-requests (with header_auth=True) and this oauth signer produce different signatures:

url: http://api.v3.factual.com/multi
parameters: queries=%7B%22query1%22%3A%22%2Ft%2Fplaces%3Ffilters%3D%257B%2522postcode%2522%253A%252290067%2522%257D%22%2C%22query2%22%3A%22%2Ft%2Fplaces%2Ffacets%3Ffilters%3D%257B%2522postcode%2522%253A%252290067%2522%257D%26select%3Dcategory%22%7D
consumer key: key
consumer secret: secret
# token and token secret are blank
timestamp: 1338404204
nonce: 38585129

The signer produces this oauth_signature "+1S2b8kxgOvJAUV90QjbYeB1i7k=" while oauth-requests produces "MWH9o1cwUOMhmrIpybbrsdi/eME=".

However, changing just the following settings seems to work.

parameters: queries=%7B%22query1%22%3A+%22%2Ft%2Fplaces%3Fq%3Dsushi%22%7D
nonce: 2555196

In this case both tools produce this signature: "tvSvg9hjL4ijuMT309h8EAVo44c=".

I'm not certain this is actually caused by the double url encoding, but after running a few tests that seems to be the trigger.

justinfenn avatar May 30 '12 19:05 justinfenn

Hi Justin,

I will try to look at this as soon as possible, looks like the problem is what you described. I willl try to work with factual API a test and a fix for it. Hopefully this weekend the farthest.

Cheers, Miguel

maraujop avatar Jun 21 '12 07:06 maraujop

Hi Miguel,

Thanks for looking into this. Has there been any recent progress on the issue?

justinfenn avatar Jul 13 '12 01:07 justinfenn