Signature Base does not include port when provided / non-default
puug opened this issue · comments
Testing on a local oauth provider instance, if I run on a non-standard port and provide it in the url, TDOAuth removes the port when generating the base. This is not correct looking at the OAuth 1.0 protocol: http://tools.ietf.org/html/rfc5849#section-3.4.1.2
ie
GET on http://localhost:8080/myService
generates a signature base of: GET&http%3A%2F%2Flocalhost%2FmyService ...
when it should be: GET&http%3A%2F%2Flocalhost%3A8080%2FmyService ...
As a result, the signature is invalid to the provider. Trivial issue, but I found it annoying.
Sorry about that. Patches welcome. Though I think the patches will need to be against my fork, seeing as I do not have access to this repo anymore.
Though I will ask for access.
Fixes in my fork. Feel free to cherry pick from it:
https://github.com/puug/TDOAuth
I'll merge this, this week. Thanks.