BazingaOAuthServerBundle
OAuthV1 base string - parameters encoding
Hello,
while trying to figure out issue https://github.com/mautic/mautic/issues/1323 I think I tracked the problem to this library and may have found a bug. Would you please be so kind as to check the info below?
I think the library may miss query parameter key and value encoding as per https://tools.ietf.org/html/rfc5849#section-3.4.1.3.2, point 1, which leads to problems when the library is used to authenticate a request that contains a query parameter key or value that contains special characters (like : or @).
The following commits solve the problem for me - it should not affect the behavior for requests without special chars. Would you accept them as a pull request?
https://github.com/cedel1/BazingaOAuthServerBundle/commit/76286a4213b3e6808e0c620e6b6c5eb4d5ff0b7f https://github.com/cedel1/BazingaOAuthServerBundle/commit/c74f654c8767309c32e0c949642a3c8771fbc528
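For reference, the normalization rule cited in the report (RFC 5849 section 3.4.1.3.2, with the section 3.6 percent-encoding) can be sketched as follows. This is an added example, not code from the bundle or from the linked commits; the function names, parameter values and secrets are constructed for illustration, and the `encode=False` path reproduces the skipped step 1 so the two signatures can be compared.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(s):
    """RFC 5849 section 3.6: only ALPHA, DIGIT, '-', '.', '_', '~' stay literal."""
    return quote(s, safe="~")


def normalize(params, encode=True):
    """RFC 5849 section 3.4.1.3.2 parameter normalization.

    Step 1 encodes every name and value, step 2 sorts by name then value,
    steps 3-4 join with '=' and '&'. encode=False skips step 1, which is
    the behaviour the report describes.
    """
    enc = pct if encode else (lambda s: s)
    pairs = sorted((enc(k), enc(v)) for k, v in params)
    return "&".join(f"{k}={v}" for k, v in pairs)


def base_string(method, base_uri, params, encode=True):
    """Signature base string: METHOD & enc(base URI) & enc(normalized params)."""
    return "&".join([method.upper(), pct(base_uri), pct(normalize(params, encode))])


def sign(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 signature over the base string (RFC 5849 section 3.4.2)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


if __name__ == "__main__":
    # Constructed request: two query parameters containing '@' and ':'.
    params = [("when", "12:30"), ("email", "user@example.com")]
    uri = "http://example.com/api"
    client = base_string("GET", uri, params)                 # compliant client
    server = base_string("GET", uri, params, encode=False)   # step 1 skipped
    print(client)
    print(server)
    print("signatures match:", sign(client, "cs") == sign(server, "cs"))
```

A compliant client produces `%2540` and `%253A` in the base string where the non-encoding path produces `%40` and `%3A`, so the server-side signature check fails for an otherwise valid request.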
I agree - definitely a bug upstream. We are weighing our options to determine what we need to do. I'm not sure he's developing that library anymore so we may have to fork it.
whoops - wrong issue :-/ sorry!
@alanhartless nope I don't develop it anymore, but I can give you admin rights to the repo if you want to maintain the lib (which would be super great!)
I'd be honored to! Thanks!
On Thu, Aug 18, 2016 at 12:57 William Durand wrote:
> @alanhartless nope I don't develop it anymore, but I can give you admin rights to the repo if you want to maintain the lib (which would be super great!)