Hello Yu,

Thanks for your report. I've entered an issue for that: 
http://restlet.tigris.org/issues/show_bug.cgi?id=1034

Best regards,
Thierry Boileau

> Hi,
>
> When I use Restlet (actually Noelios) OAuth together with the OAuth lib from 
> Netflix, there's an inconsistency in handling OAuth and non-OAuth parameters, and 
> it causes an invalid signature exception later on in
>
> Noelios OAuthHelper saves all parameters (OAuth and Query parameters, for 
> example) into its OAuthMessage's attributes.
> See the code snippet from OAuthHelper.java:
>
>   // Query parameters.
>          for (final org.restlet.data.Parameter p : request.getResourceRef()
>                  .getQueryAsForm()) {
>              parameters.add(new OAuth.Parameter(p.getName(), p.getValue()));
>          }
>
> However, in Netflix's OAuthSignatureMethod class, the function "validate" 
> where the signature of the base string is calculated from both the 
> OAuthMessage attributes PLUS the request parameters. See the code snippets in 
> the function "getBaseString(OAuthMessage message)"
>
> parameters = new ArrayList<Map.Entry<String, String>>();
> parameters.addAll(OAuth.decodeForm(message.URL.substring(q + 1))); //!!! here we got duplicated query parameters !!!
> parameters.addAll(message.getParameters());
>
> ------
> So my fix to this problem in OAuthGuard is to use my own "genMessage" 
> function to replace the one at:
> // old
> final OAuthMessage requestMessage = OAuthHelper.getMessage(request);
>
> // mine
> final OAuthMessage requestMessage = _getMessage(request); // my implementation, basically I just commented out a few lines of code where query parameters are involved.
>
> I am not 100% sure my hack is correct or will cause any other side-effect to 
> the Restlet 1.* OAuth extension.
>
> BRs,
> Yu
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2444857
>
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2446747
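
The mismatch described in the quoted report, as an added Python example (not code from Restlet, the Netflix OAuth library or either poster): it builds the OAuth 1.0 signature base string per RFC 5849 by merging the URL query pairs with the message parameters, as the quoted getBaseString lines do, and shows that a message which already carries the query pairs yields a different base string and HMAC-SHA1 signature. The URL, keys, secrets and function names are constructed for this example.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(s, safe="-._~")


def base_string(method, url, params):
    """Base string from URL query pairs plus message parameters (the merge
    shown in the quoted getBaseString lines), normalized per RFC 5849."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(params)
    encoded = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    base_url = f"{parts.scheme}://{parts.netloc.lower()}{parts.path}"
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign(base, consumer_secret, token_secret=""):
    # HMAC-SHA1 keyed with "consumer_secret&token_secret", base64-encoded.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()


def duplicated_pairs(url, params):
    """Pairs that appear both in the URL query and in the message parameters."""
    params = list(params)
    return [p for p in parse_qsl(urlsplit(url).query, keep_blank_values=True) if p in params]


# Constructed sample request: URL, credentials and values are made up.
URL = "http://api.example.test/photos?size=original&file=vacation.jpg"
OAUTH = [("oauth_consumer_key", "ck-sample"), ("oauth_nonce", "n0nce"),
         ("oauth_signature_method", "HMAC-SHA1"),
         ("oauth_timestamp", "1200000000"), ("oauth_version", "1.0")]
QUERY = parse_qsl(urlsplit(URL).query)

CLIENT_BASE = base_string("GET", URL, OAUTH)          # query pairs counted once
SERVER_BASE = base_string("GET", URL, OAUTH + QUERY)  # query also copied into the message

if __name__ == "__main__":
    match = sign(CLIENT_BASE, "cs-sample") == sign(SERVER_BASE, "cs-sample")
    print("signatures match:", match)
    print("duplicated pairs:", duplicated_pairs(URL, OAUTH + QUERY))
```
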
