OAuth Invalid Signature problem when parameters values contain commas

darrenjdarrenj Registered Users Posts: 2 Beginner grinner
Hi,

I've had a tortuous time getting Image uploads working using OAuth but that's all working a treat now and I'm now back-porting the new code to the rest of my Application where I was previously using a PLAINTEXT and SSL approach.

I'm using the REST API and OAUTH signature generation and validation is working perfectly apart from when Querystring parameters (such as Extra) have comma delimited values, e.g.: Extras=Highlight,Description,MediumURL,LargeURL,SmallURL,ThumbURL.

When I make a request with parameters like this I get an invalid signature error back. After reviewing the OAUTH escaping spec I can see that comma is a reserved character and therefore requires escaping which my code was already doing:

For example this parameter fragment:

"Extras=Highlight,Description,MediumURL,LargeURL,SmallURL,ThumbURL&method=smugmug.albums.get"

Is escaped as below - all commas changed to %2C

"Extras%3DHighlight%2CDescription%2CMediumURL%2CLargeURL%2CSmallURL%2CThumbURL%26method%3Dsmugmug.albums.get"

Any ideas on what is going wrong here? If I use parameter values with no commas everything works fine so it's definitely related to the comma processing behaviour.

I was wondering if SmugMug is doing something slightly different when re-generating the hash server-side hence the signature is being reported as invalid?

Thanks in advance for any pointers :-)

Darren

Comments

  • David PLDavid PL Registered Users Posts: 80 Big grins
    edited January 15, 2013
    darrenj wrote: »
    Hi,

    I've had a tortuous time getting Image uploads working using OAuth but that's all working a treat now and I'm now back-porting the new code to the rest of my Application where I was previously using a PLAINTEXT and SSL approach.

    I'm using the REST API and OAUTH signature generation and validation is working perfectly apart from when Querystring parameters (such as Extra) have comma delimited values, e.g.: Extras=Highlight,Description,MediumURL,LargeURL,SmallURL,ThumbURL.

    When I make a request with parameters like this I get an invalid signature error back. After reviewing the OAUTH escaping spec I can see that comma is a reserved character and therefore requires escaping which my code was already doing:

    For example this parameter fragment:

    "Extras=Highlight,Description,MediumURL,LargeURL,SmallURL,ThumbURL&method=smugmug.albums.get"

    Is escaped as below - all commas changed to %2C

    "Extras%3DHighlight%2CDescription%2CMediumURL%2CLargeURL%2CSmallURL%2CThumbURL%26method%3Dsmugmug.albums.get"

    Any ideas on what is going wrong here? If I use parameter values with no commas everything works fine so it's definitely related to the comma processing behaviour.

    I was wondering if SmugMug is doing something slightly different when re-generating the hash server-side hence the signature is being reported as invalid?

    Thanks in advance for any pointers :-)

    Darren

    Use "%2C" in place of where you were originally putting the commas, and pass that to your signature generation method. With that, your initial parameter string in your example would be as follows (notice at this point the other characters are not encoded, such as the "=" or the "&"):

    "Extras=Highlight%2CDescription%2CMediumURL%2CLargeURL%2CSmallURL%2CThumbURL&method=smugmug.albums.get"
Sign In or Register to comment.