sirikata / liboauthcpp Goto Github PK

Hi,

From a Qt client, I'm encoding a URL to be able to make some file operations:
https://github.com/JoseExposito/ubuntuone-qt-files/blob/master/src/com/egg-software/ubuntuone-qt-files/network/AbstractMessage.cpp#L67

For example, to download a file named "(HI).txt" I send a request like this:

https://files.one.ubuntu.com/content/~/Ubuntu%20One/%28HI%29.txt

But I have noticed that the Ubuntu One server returns a "Host requires
authentication" error. To avoid this error I have excluded the chars "("
and ")" from the encoding, and all work as spected with a URL like this:

https://files.one.ubuntu.com/content/~/Ubuntu%20One/(HI).txt

Probably (I'm not sure) the liboauthcpp library is encoding or not some chars to generate the signature, and that is why the Ubuntu One server is returning the "Host requires authentication"

My question is.. Where can I get the full list of chars to exclude from the
encoding?

Thank you very much for the library and the support 😄

No comments!

The srand call in Client::generateNonceTimeStamp should only be called once. This will prevent duplicate time stamps from being returned.

Something like this should fix it:

static bool initialized = false;
if(!initialized)
{
    srand( time( NULL ) );
    initialized = true;
}

If you have a query with two parameters of the same name, only one will be copied to the output query string, eg for the linkedin api:

http://api.linkedin.com/v1/people-search:(facets:(code,buckets:(code,name,count)))?facets=location,network&facet=location%2Cus%3A84&facet=network%2CF

Hi all,
Not sure if this is an active project, but there do seem to have been some changes in the last year since I started using it for accessing QuickBooks Online.

Just downloaded the latest files, and there appears to be a new bug in urlencode.cpp, which can be fixed as follows:
change line 97
from: assert(false && 'Unknown urlencode type');
to: assert(false && "Unknown urlencode type");

Previously, when compiling this library into my applications with Visual Studio 2013, there were a number of warning messages, especially when compiling for x64 version.

Firstly, in both liboauthcpp.cpp, and SHA1.cpp, add the following line at top to avoid "strcpy possible unsafe" warnings:
#define _CRT_SECURE_NO_WARNINGS

The attached text file lists changes which have worked for me to stop warning messages when compiling x64. These mostly seem to relate to converting from size_t (which may be a 64 bit value) to an int (which may be only 32 bit value).

Anyway, submitted for consideration and possible inclusion in future versions.

regards,
Garry.

Mods in liboauthcpp to accomodate x64.txt

OAuth Verification Failed: Verification of signature failed (signature base string was "GET&https%3A%2F%2Fapi.imgur.com%2Foauth%2Frequest_token&oauth_consumer_key%3Dcb5ae201bac88c3ec7c6cac2f07dd7b10509eb5bb%26oauth_nonce%3D135258652339e%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1352586523%26oauth_version%3D1.0"). with Array ( [0] => 9e55e4b7e3bd34207e290d0c59670101 [1] => [2] => )

it gives me this url
https://api.imgur.com/oauth/request_token?oauth_consumer_key=cb5ae201bac88c3ec7c6cac2f07dd7b10509eb5bb&oauth_nonce=135258652339e&oauth_signature=Q4kxVYhGz%252Fd%252F8WE%252FqpATsDtvcOg%253D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1352586523&oauth_version=1.0

The library segfaults for long urls, http://example.com?foo=xxxxx...(5k times)...xxxxx . This is because CHMAC_SHA1 uses fixed size buffers (4kb) . This is also a security problem.

how to use simple_auth and simple_request
This problem appears in simple_auth:
terminate called after throwing an instance of 'OAuth::MissingKeyError'
what(): Couldn't find oauth_token_secret in response Aborted (core dumped).

Trying to authenticate to tumblr, it refuses to return a request tokenclaiming a wrong signature, and I've used the built-in demo to try it with 2 different app key/secrets already

Edit: flickr seems to give the same error

I am using this library to access resources as explained in https://colab.research.google.com/github/JohnDeere/DevelopWithDeereNotebooks/blob/master/Onboarding/myjohndeere-api-onboarding.ipynb . In this tutorial they are using requests module from Python. I am able to access resources using Python code. But with liboauth I am able to get verifier. After that server does not accept my request with verifier. It says invalid signature for HMAC_SHA1 method .

I'd like to build an x64 compatible version for my project (which is x64), but the solution provided by CMake doesn't provide the option. Is there a way to add this functionality to CMake? I'm not very familiar with the tool, unfortunately :(

At fast request (4 times per second) oauth_nonce duplicated.

I just stumbled across this library, and I very much agree with this idea that the interface does not provide network services, just pure OAuth functionality - you "BYONI" (Bring Your Own Networking Interface). What do you think about leveraging Beast's HTTP message model to generate complete messages which Beast can send?
https://github.com/vinniefalco/Beast

Thanks!

warning: character constant too long for its type
assert(false && 'Unknown urlencode type');
^

shouldn't getSignature have a do_urlencode?

now it always do
oAuthSignature = urlencode( base64Str );
in the end.. is that really correct?
what if I use it in a http header? .. then I guess it shouldn't be urlencoded?

Using MinGW in combination with MSYS you have to use the "MSYS Makefiles" generator like this:
$ cd liboauthcpp/build
$ cmake . -G "MSYS Makefiles"
$ make

In the last step it fails because of the following piece of logic in the CMakeFiles.txt (line 36-40):

# Disable some annoying, unnecessary Windows warnings. Enable unwinding for exception handlers.
IF(WIN32)
  ADD_DEFINITIONS(-D_CRT_SECURE_NO_WARNINGS -D_SCL_SECURE_NO_WARNINGS -EHsc)
  SET(CMAKE_CXX_FLAGS "-D_CRT_SECURE_NO_WARNINGS -D_SCL_SECURE_NO_WARNINGS")
ENDIF()

It adds the -EHsc parameter, amongst other things, to the compiler parameters and during make this fails:

$ make
Scanning dependencies of target oauthcpp
[  7%] Building CXX object CMakeFiles/oauthcpp.dir/C_/dev/cpp/libs/liboauthcpp-testing/src/base64.obj
g++.exe: error: unrecognized command line option '-EHsc'
make[2]: *** [CMakeFiles/oauthcpp.dir/C_/dev/cpp/libs/liboauthcpp-testing/src/base64.obj] Error 1
make[1]: *** [CMakeFiles/oauthcpp.dir/all] Error 2
make: *** [all] Error 2

I presume there's some logic missing in order to detect whether it's a Windows platform and using MSVC for the exception settings. When you comment out these lines and run it again everything builds fine.