omniauth-oauth icon indicating copy to clipboard operation
omniauth-oauth copied to clipboard

Published 20 hours ago verified publisher icon omniauth

Using application/x-www-form-urlencoded as the default request content type when getting access_token

Open jingkaihe opened this issue 9 years ago • 3 comments

First thank you for the awesome works!

Recently I am working on creating Open Bank Project OmniAuth strategy using omniauth-oauth, but keep hitting 401 unauthorized error during the get access token phase, which is using #get_access_token. Turned out if {} is not passed into #get_access_token as one of the arguments, code will run into this part and the Content-Type of the request would be missing, which kinda violate the rule of OAuth 1.0 according to http://tools.ietf.org/html/rfc5849#section-3.4.1.3.1, which says

The query component is parsed into a list of name/value pairs by treating it as an "application/x-www-form-urlencoded" string, separating the names and values and decoding them as defined by [W3C.REC-html40-19980424], Section 17.13.4.

This pull request fix the issue by implicitly declare the request body as "" and set the content type as application/x-www-form-urlencoded during the get access token phase.

jingkaihe avatar Nov 30 '15 22:11 jingkaihe

Looks like this fails on Ruby 1.8, which we technically still support.

sferik avatar Dec 01 '15 02:12 sferik

@sferik Tested using Ruby 1.8.7 against master branch locally. Got exact the same fail. Presumably something is broken.

vagrant@localhost:/vagrant/omniauth-oauth$ git rev-parse HEAD
9f4a4f136c46eec96cb1e7f970200647e6a49b29
vagrant@localhost:/vagrant/omniauth-oauth$ ruby -v
ruby 1.8.7 (2013-12-22 patchlevel 375) [x86_64-linux]
vagrant@localhost:/vagrant/omniauth-oauth$ bundle exec rspec
WARNING: SimpleCov is activated, but you're not running Ruby 1.9+ - no coverage analysis will happen
Starting with SimpleCov 1.0.0, even no-op compatibility with Ruby <= 1.8 will be entirely dropped.
Support for Ruby 1.8.x in Addressable is deprecated.
/vagrant/omniauth-oauth/lib/omniauth-oauth/version.rb:3: warning: already initialized constant VERSION
.......F....

Failures:

  1) OmniAuth::Strategies::OAuth /auth/{name}/callback should exchange the request token for an access token
     Failure/Error: expect(last_request.env["omniauth.auth"]["extra"]["access_token"]).to be_kind_of(OAuth::AccessToken)

     NoMethodError:
       undefined method `[]' for nil:NilClass
     # ./spec/omniauth/strategies/oauth_spec.rb:101

Finished in 0.23534 seconds (files took 1.78 seconds to load)
12 examples, 1 failure

Failed examples:

rspec ./spec/omniauth/strategies/oauth_spec.rb:99 # OmniAuth::Strategies::OAuth /auth/{name}/callback should exchange the request token for an access token

jingkaihe avatar Dec 01 '15 11:12 jingkaihe

I believe that there's a problem with Hashie::Mash, (since I notice extra cannot be assigned to the hash)

vagrant@localhost:/vagrant/omniauth-oauth$ ruby -v
ruby 1.8.7 (2013-12-22 patchlevel 375) [x86_64-linux]
vagrant@localhost:/vagrant/omniauth-oauth$ bundle console
Resolving dependencies...
/vagrant/omniauth-oauth/lib/omniauth-oauth/version.rb:3: warning: already initialized constant VERSION
irb(main):001:0> m = Hashie::Mash.new
=> #<Hashie::Mash>
irb(main):002:0> m.name = "foo"
=> "foo"
irb(main):003:0> m.name
=> nil

EDIT: Well, looks like hashie is not supporting 1.8.7.

jingkaihe avatar Dec 01 '15 18:12 jingkaihe

Closing as stale

BobbyMcWho avatar Aug 27 '24 16:08 BobbyMcWho