Fixed request token parsing using cgi.parse_qs method #76
Conversation
|
@antonmoiseev Great catch. Sorry for the obscenely late reply; we just got this repository transferred over and @jaitaiwan and I are trying to go through all the PRs now. Any chance you have a test for this in another fork? |
|
I can't believe it 😄. It was probably my first GitHub PR 4 years ago. Unfortunately I don't have any tests and the source code of the original project anymore. However I appreciate your effort to give the project a new life! |
|
I don't have a test, but I do have a link to the spec that clearly states that empty params are not to be discarded: http://oauth.net/core/1.0/#anchor14 "Parameters are concatenated in their sorted order into a single string. For each parameter, the name is separated from the corresponding value by an ‘=’ character (ASCII code 61), even if the value is empty. Each name-value pair is separated by an ‘&’ character (ASCII code 38). For example:" And here is a link to the original issue I reported 5 years ago: |
keep_blank_values in OAuthToken.from_string method should be set True, otherwise you will get an unhandled exception trying fetch oauth_token_secret from response if OAuth server doesn't supply this parameter. For example Evernote's OAuth server doesn't provide oauth_token_secret parameter if signature method is PLAINTEXT.