Thanks for the clarification Taylor

George


On Fri, Jun 11, 2010 at 10:14 AM, Taylor Singletary <
taylorsinglet...@twitter.com> wrote:

> It kind of depends on how you tilt your head and look at it sometimes.
>
> One way of looking at it is that POST body elements already are URL-encoded
> (at least when we're talking about "application/x-www-form-urlencoded" type
> bodies). When you send a POST request, you already must URL encode the body.
>
> This algorithm begins from the assumption that you've already prepared your
> POST body. I'll try to make that distinction clearer.
>
> Taylor
>
> On Thu, Jun 10, 2010 at 7:31 PM, Malayil George <georg...@gmail.com>wrote:
>
>> Hi,
>>    I've been trying to work through the OAuth steps presented at
>> http://dev.twitter.com/pages/auth#signing-requests . The psuedo-code for
>> base-string generation is given as
>>
>> httpMethod + "&" +
>>  url_encode(  base_uri ) + "&" +
>>  sorted_query_params.each  { | k, v |
>>      url_encode ( k ) + "%3D" +
>>      url_encode ( v )
>>  }.join("%26")
>>
>>  But, this doesn't seem to work with the params on the example. The
>> example has baseString = POST&https%3A%2F%2Fapi.twitter.com
>> %2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0
>>
>> With the above algorithm, wouldn't the baseString end up as
>> "...&oauth_callback%3Dhttp%3A%2F%2Flocalhost...%26oauth_consumer_key%3D..."?
>> The %3A seems to be getting encoded somehow to %253A in the example. I have
>> been able to get my result to match the example result by modifying the
>> algorithm to be
>>
>> httpMethod + "&" +
>>  url_encode(  base_uri ) + "&" +
>>  url_encode(sorted_query_params.each  { | k, v |
>>      url_encode ( k ) + "=" +
>>      url_encode ( v )
>>  }.join("&"))
>>
>>   Reading the comments at
>> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/,
>>  it seems we should be doing a double url-encode? Is that right or am I
>> missing something (and this workaround is just working in this example)?
>>
>>
>> Regards
>> George
>>
>>
>>
>>
>>
>>
>

Reply via email to