[GH-ISSUE #142] Additional parameters on the querystring are not being factored into OAuth signature. #89

Closed
opened 2026-03-03 16:45:35 +03:00 by kerem · 0 comments

Originally created by @pculligan on GitHub (Nov 9, 2015).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/142

I came across a case where the URL to GET a request token had additional querystring parameters.

```
https://apicert.client.com/platform/oauth/request_token?xoauth_displayname=Apply%20Mobile&scope=https%3A%2F%2Fapicert.client.com%2Fplatform%2F HTTP/1.1
```

However, these parameters are not currently accounted for when generating the OAuth signature.

This is arguably ok in the case of URLs where we can assume that educating the user on not having querystring parameters, but cannot be accepted in the case of the request, authorize, or access methods during OAuth negotiation (the method `authorizeWithCallbackURL`, `postOAuthRequestTokenWithCallbackURL` and `postOAuthAccessTokenWithRequestToken` don't support parameters).

The OAuth1.0 spec states that the OAuth signature must account for all of the parameters and the URL portion of the signature base string must only be the scheme, query, and path.

kerem 2026-03-03 16:45:35 +03:00
  • closed this issue
  • added the bug label
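
The signing rule at issue, as an added Python example (not OAuthSwift code and not from the issue author): per RFC 5849 section 3.4.1 the query string is stripped from the URI part of the signature base string and its decoded parameters are sorted in with the `oauth_*` parameters before signing. The URL is the one from the issue; the consumer key, nonce, timestamp and secret are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value):
    """Percent-encode per RFC 5849 section 3.6: only unreserved characters stay literal."""
    return quote(value, safe="-._~")


def signature_base_string(method, url, oauth_params):
    """Build the RFC 5849 section 3.4.1 signature base string for a request."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    # The scheme's default port is left out of the base string URI.
    if parts.port and (scheme, parts.port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{parts.port}"
    base_uri = f"{scheme}://{host}{parts.path or '/'}"
    # Query parameters are decoded and signed together with the oauth_* ones.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += [(k, v) for k, v in oauth_params.items() if k != "oauth_signature"]
    # Encode each name and value, then sort by encoded name, then value.
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret=""):
    """HMAC-SHA1 per RFC 5849 section 3.4.2; key is 'consumer_secret&token_secret'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


# Request-token URL from the issue; every oauth_* value and the secret are constructed.
URL = ("https://apicert.client.com/platform/oauth/request_token"
       "?xoauth_displayname=Apply%20Mobile"
       "&scope=https%3A%2F%2Fapicert.client.com%2Fplatform%2F")
OAUTH = {"oauth_consumer_key": "sample-key", "oauth_nonce": "constructed-nonce",
         "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1447027200",
         "oauth_version": "1.0"}
SECRET = "sample-consumer-secret"

if __name__ == "__main__":
    for label, url in (("query signed", URL), ("query dropped", URL.split("?")[0])):
        base = signature_base_string("GET", url, OAUTH)
        print(label, hmac_sha1_signature(base, SECRET), base, sep="\n  ")
```

A client that signs the "query dropped" form while sending the full URL produces a signature the server cannot reproduce, so the request-token call is rejected.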