users@jersey.java.net

[Jersey] oAuth HMAC_SHA1 implementation bug

From: DirkM <dirk_at_olx.com>
Date: Mon, 24 Aug 2009 15:50:13 -0500 (CDT)

I believe there's a bug in the implementation of HMAC_SHA1 in the Jersey
oauth-signature library.
According to the spec, the consumer and token secrets should be percent
encoded before being concatenated together:
http://oauth.net/core/1.0a#anchor15

The code doesn't do this, so any secret with an unusual character in it (or
a space) will fail authentication.
Dirk
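
The key construction the report refers to, as an added example (not part of the original message and not Jersey's code): each secret is percent-encoded, then the two are joined with `&`. The class name, sample secrets and base string are constructed, and `rawKey` is an assumed model of the unencoded behaviour the report describes.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OAuthHmacSha1KeyDemo {

    // OAuth 1.0a parameter encoding: unreserved characters pass through,
    // every other UTF-8 byte becomes %XX with upper-case hex digits.
    static String percentEncode(String s) {
        StringBuilder out = new StringBuilder();
        for (byte b : s.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            boolean unreserved = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                    || (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
            if (unreserved) out.append((char) c);
            else out.append(String.format("%%%02X", c));
        }
        return out.toString();
    }

    // HMAC-SHA1 key per the spec: encoded consumer secret, '&', encoded token secret.
    static String specKey(String consumerSecret, String tokenSecret) {
        return percentEncode(consumerSecret) + "&" + percentEncode(tokenSecret);
    }

    // Assumed model of the reported behaviour: secrets joined without encoding.
    // A raw '&' inside a secret also makes the boundary between the two ambiguous.
    static String rawKey(String consumerSecret, String tokenSecret) {
        return consumerSecret + "&" + tokenSecret;
    }

    static String sign(String key, String baseString) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder()
                .encodeToString(mac.doFinal(baseString.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed signature base string and secrets, for illustration only.
        String base = "GET&http%3A%2F%2Fexample.com%2Fresource&oauth_nonce%3Dabc";
        String[][] secrets = { {"plainsecret", "tokensecret"}, {"my secret&1", "tok/en+2"} };
        for (String[] s : secrets) {
            String spec = sign(specKey(s[0], s[1]), base);
            String raw = sign(rawKey(s[0], s[1]), base);
            System.out.printf("key=%s signaturesMatch=%b%n", specKey(s[0], s[1]), spec.equals(raw));
        }
    }
}
```

The two signatures agree only when both secrets consist entirely of unreserved characters, which is why a mismatch of this kind shows up only for secrets containing spaces or punctuation.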