It kind of depends on how you tilt your head and look at it sometimes.

One way of looking at it is that POST body elements already are URL-encoded
(at least when we're talking about "application/x-www-form-urlencoded" type
bodies). When you send a POST request, you already must URL encode the body.

This algorithm begins from the assumption that you've already prepared your
POST body. I'll try to make that distinction clearer.

Taylor

On Thu, Jun 10, 2010 at 7:31 PM, Malayil George <georg...@gmail.com> wrote:

> Hi,
>    I've been trying to work through the OAuth steps presented at
> http://dev.twitter.com/pages/auth#signing-requests . The psuedo-code for
> base-string generation is given as
>
> httpMethod + "&" +
>  url_encode(  base_uri ) + "&" +
>  sorted_query_params.each  { | k, v |
>      url_encode ( k ) + "%3D" +
>      url_encode ( v )
>  }.join("%26")
>
>  But, this doesn't seem to work with the params on the example. The example
> has baseString = POST&https%3A%2F%2Fapi.twitter.com
> %2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0
>
> With the above algorithm, wouldn't the baseString end up as
> "...&oauth_callback%3Dhttp%3A%2F%2Flocalhost...%26oauth_consumer_key%3D..."?
> The %3A seems to be getting encoded somehow to %253A in the example. I have
> been able to get my result to match the example result by modifying the
> algorithm to be
>
> httpMethod + "&" +
>  url_encode(  base_uri ) + "&" +
>  url_encode(sorted_query_params.each  { | k, v |
>      url_encode ( k ) + "=" +
>      url_encode ( v )
>  }.join("&"))
>
>   Reading the comments at
> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/,
>  it seems we should be doing a double url-encode? Is that right or am I
> missing something (and this workaround is just working in this example)?
>
>
> Regards
> George
>
>
>
>
>
>

Reply via email to