Great, this was the understanding I had before as well when we wrote the original Ruby version. I guess the misunderstanding comes from the wording of 9.1.1, where it does not mention that the parameters should be encoded.

Maybe a note to this effect should be added there.

Thanks for your help.

Pelle

On Thu, Jan 22, 2009 at 3:51 PM, Marc Worrell <[email protected]> wrote:
>
> It should be escaped in both places.
> This because in step 3 you should be escaping the "&"'s of step 1.
>
> So, when you have the parameters 'a' and 'b', both with the value '%'.
> This will become:
>
> Step 1:
> a=%25&b=%25
>
> Step 3:
>
> Method = GET
> URL = http://example.com/
> Parameters = a=%25&b=%25
>
> Base string = GET&http%3A%2F%2Fexample.com%2F&a%3D%2525%26b%3D%2525
>
> On the page http://wiki.oauth.net/TestCases are some more examples.
>
> - Marc
>
>
> On 23 jan 2009, at 00:31, Pelle Braendgaard wrote:
>
>> You see this is where the complexity comes in :-)
>>
>> Before which of the concatenations should the encoding be done? There
>> is the concatenation of the parameters with & in step 1 as well as the
>> concatenation of the 3 parts of the SBS.
>>
>> So before we had it encoded as part of both step 1 and step 3. My
>> current reading is that it should be done only as part of step 3. As
>> the "&"'s from the parameters are escaped in the SBS.
>>
>> P
>>
>> On Thu, Jan 22, 2009 at 2:57 PM, Marc Worrell <[email protected]> wrote:
>>>
>>> In fact it is all very simple :-) (famous last words)
>>>
>>> In general: encode before you concatenate with '&'.
>>>
>>> On 22 jan 2009, at 20:12, Pelle Braendgaard wrote:
>>>> 1. Normalize the request parameters, which means only ordering the
>>>> parameters and then separating them with "&"'s (9.1.1)
>>>
>>> The request parameters are encoded before the concatenation.
>>> (Otherwise you could not have a '&' in any parameter.)
>>>
>>>> 2. Normalizing the URL (9.1.2)
>>>> 3. Concatenation of the encoded versions of (the http request method,
>>>> the normalized url (see step 2) and the normalized request parameters
>>>> (see step 1.) (9.1.3)
>>>>
>>>> The Ruby implementation encodes each parameter in step 1 and then
>>>> re-encodes them in step 3.
>>>
>>> That is correct behaviour. The result in step 3 is a concatenation of
>>> 3 parts, all parts are encoded before concatenating.
>>>
>>>> I have corrected this in git so far. But
>>>> would like to just check that my analysis is correct, so we can close
>>>> this chapter once and for all.
>>>
>>> Hope this is now closed :-)
>>>
>>> - Marc
>>
>> --
>> http://agree2.com - Reach Agreement!
>> http://extraeagle.com - Solutions for the electronic Extra Legal world
>> http://stakeventures.com - Bootstrapping blog

--
http://agree2.com - Reach Agreement!
http://extraeagle.com - Solutions for the electronic Extra Legal world
http://stakeventures.com - Bootstrapping blog
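
The two-stage encoding discussed in this thread, as an added example that is not part of the original messages and is not the Ruby OAuth library's code. The method names are hypothetical, and sorting the already-encoded pairs is an assumption. It reproduces Marc's base string and shows that encoding only in step 3 lets two different parameter sets yield the same signature base string.

```ruby
# Added illustration; oauth_escape, normalize_params, signature_base_string
# and single_encoded_base_string are hypothetical names.

# Percent-encode every byte except the unreserved set
# (ALPHA, DIGIT, '-', '.', '_', '~'), using uppercase hex.
def oauth_escape(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |byte| format('%%%02X', byte.ord) }
       .force_encoding('US-ASCII')
end

# Step 1 (9.1.1): encode each name and value, sort the encoded pairs
# (assumption: sort after encoding), then join with '=' and '&'.
def normalize_params(params)
  params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }
        .sort
        .map { |k, v| "#{k}=#{v}" }
        .join('&')
end

# Step 3 (9.1.3): encode each of the three parts, then join with '&'.
# The step 1 output is encoded a second time here.
def signature_base_string(method, normalized_url, params)
  [method.upcase, normalized_url, normalize_params(params)]
    .map { |part| oauth_escape(part) }
    .join('&')
end

# The reading questioned in the thread: no encoding in step 1, only in step 3.
def single_encoded_base_string(method, normalized_url, params)
  raw = params.sort.map { |k, v| "#{k}=#{v}" }.join('&')
  [method.upcase, normalized_url, raw].map { |part| oauth_escape(part) }.join('&')
end

if __FILE__ == $PROGRAM_NAME
  url = 'http://example.com/'
  # Marc's example: parameters 'a' and 'b', both with the value '%'.
  puts signature_base_string('GET', url, [['a', '%'], ['b', '%']])

  # Constructed inputs: one parameter containing '&' and '=' versus two parameters.
  one = [['a', '1&b=2']]
  two = [['a', '1'], ['b', '2']]
  puts single_encoded_base_string('GET', url, one) ==
       single_encoded_base_string('GET', url, two) # collision
  puts signature_base_string('GET', url, one) ==
       signature_base_string('GET', url, two)      # distinct
end
```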
