Signature Base does not include port when provided / non-default

Question

Signature Base does not include port when provided / non-default

puug opened this issue 13 years ago · comments

Testing on a local oauth provider instance, if I run on a non-standard port and provide it in the url, TDOAuth removes the port when generating the base. This is not correct looking at the OAuth 1.0 protocol: http://tools.ietf.org/html/rfc5849#section-3.4.1.2

ie
GET on http://localhost:8080/myService
generates a signature base of: GET&http%3A%2F%2Flocalhost%2FmyService ...
when it should be: GET&http%3A%2F%2Flocalhost%3A8080%2FmyService ...

As a result, the signature is invalid to the provider. Trivial issue, but I found it annoying.

Max Howell commented 10 years ago

ccc9c85

Max Howell · Answer 1 · Wed Feb 22 2012 20:17:10 GMT+0800 (China Standard Time)

Sorry about that. Patches welcome. Though I think the patches will need to be against my fork, seeing as I do not have access to this repo anymore.

Though I will ask for access.

Ryan Murfitt · Answer 2 · Sat Feb 25 2012 11:31:31 GMT+0800 (China Standard Time)

Fixes in my fork. Feel free to cherry pick from it:
https://github.com/puug/TDOAuth

Max Howell · Answer 3 · Thu Mar 01 2012 17:51:44 GMT+0800 (China Standard Time)

I'll merge this, this week. Thanks.