Comments (11)
IMHO, OAuth-1.0a
is a low level library and should not try to encode complex object; there's many way to encode them and there's no way to ensure the http client encoding will match OAuth-1.0a
one. The solution would be to encode the data first, or let the http client encode it, and provide the encoded data to OAuth-1.0a
. OAuth-1.0a
would have to parse it like it parses the query string.
An alternative would be to add a data_encoder
option to override the default simple encoder.
ps: probably encoder
is not right word.
from oauth-1.0a.
Also just in case anyone was wondering, I've removed the oauth_
params from the parameter string, but they were there in the correct place
from oauth-1.0a.
will check
from oauth-1.0a.
Okay so, I've had a bit of a dig around. The problem seems to arise here:
base_string_data = this.sortObject(this.percentEncodeData(this.mergeObject(oauth_data, this.mergeObject(request.data, this.deParamUrl(request.url)))));
If I log base_string_data
at this point it looks like this
[
{ key: 'filter', value: [ '%5Bobject%20Object%5D' ] },
{ key: 'filter%255B0%255D%255Battribute%255D', value: 'updated_at' },
{ key: 'filter%255B0%255D%255Bfrom%255D', value: '2017-05-10%2000%3A00%3A00' },
{ key: 'limit', value: '100' },
// oauth_* values
{ key: 'page', value: '1' }
]
So you can see, that filter
has become 3 separate keys. I'm not sure how exactly this would best be fixed but I'll keep looking into it for now. It seems there needs to be an additional check in percentEncodeData
in order to avoid this but if I find anything I'll update this
from oauth-1.0a.
So I think there are 2 things going on. Firstly, there's the issue that when percentEncodeData
doesn't accept an array of objects. So that's where this comes from
{ key: 'filter', value: [ '%5Bobject%20Object%5D' ] }
The other issue is almost the opposite, in that deParam
doesn't support decoding arrays from the url parameter string. Which means that when the objects are merged, you end up with all 3 like so
{ key: 'filter', value: [ '%5Bobject%20Object%5D' ] },
{ key: 'filter%255B0%255D%255Battribute%255D', value: 'updated_at' },
{ key: 'filter%255B0%255D%255Bfrom%255D', value: '2017-05-10%2000%3A00%3A00' },
from oauth-1.0a.
from oauth-1.0a.
Hi again,
So after more playing around, I figured out I could get this to work by using qs
to do some of the encoding/decoding. I don't know whether you would prefer to add qs
as a dependency or if you'd rather replicate this functionality in your own module?
Do you have any contribution guidelines?
Thanks
from oauth-1.0a.
hi,
all the PR should pass the tests, if you can't test on local then you just create a pull request to trigger the semaphoreci.
and also add the new test cases in test/
ty
from oauth-1.0a.
I didn't see this issue earlier, but it looks a lot like the issue i encountered: having multiple duplicate parameters in the querystring doesn't result in a valid signature.
See my pull request: #58
Haven't tested it, but it might fix your issue as well?
from oauth-1.0a.
Ah, looking again i see your issue is about the body parameters (mine was about querystring parameters), so this is probably not fixed by my pull request.
from oauth-1.0a.
for complicated object data, you should turn it to json string JSON.stringify(data) then send it as a string.
from oauth-1.0a.
Related Issues (20)
- Login authentication issue of token 403 error HOT 10
- Documentation and support for WebCrypto HOT 2
- Private key being escaped and duplicated when passed to hash_function
- Not to standard: Raw body is include in the signature base string
- Headers are inconsistent and/or not forming correctly with access token and access token secret HOT 2
- How to add oauth verify?
- 401 error - invalid oauth signature HOT 5
- oauth_verifier is missing HOT 3
- "Duplicate timestamp/nonce combination, possible replay attack. Request rejected." HOT 2
- TypeError: Cannot read property 'toUpperCase' of undefined HOT 4
- No oauth parameters supplied? HOT 1
- Signature Not Handling Complex Object Structure HOT 1
- TypeScript definitions should not have implicit any HOT 2
- oauth_signature does not match expected value in C# while get acess token in thmblr HOT 1
- oauth_consumer_key="undefined" in request headers HOT 1
- oauth in body not working with axios HOT 1
- How can a callback be specified in the Authorization header? HOT 2
- Verifying Signature helper? HOT 5
- CryptoJS include no longer available
- Index signature missing for OAuth.Header (typescript) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth-1.0a.