Creating oAuth request from django request is duplicated

Issue #3 resolved
Vladimir Mihailenco
created an issue

Currently I know at least 2 functions, that create oauth request from django request: initialize_server_request(request) and get_oauth_request(request), but there are some differences in their work. Is this is done intentionally? Can initialize_server_request can be refactored to use get_oauth_request()?

As result CheckOAuth creates two different oAuth requests. It is wasteful and can be confusing.

I can contribute these changes if needed.

Comments (5)

  1. Vladimir Mihailenco reporter
        # Don't include extra parameters when request.method is POST and 
        # request.MIME['CONTENT_TYPE'] is "application/x-www-form-urlencoded" 
        # (See
        # But there is an issue with Django's test Client and custom content types
        # so an ugly test is made here, if you find a better solution...

    AFAIK at least Google Chrome JavaScript implementation does not make any special case for none "application/x-www-form-urlencoded" parameters:

    ChromeExOAuth.prototype.sendSignedRequest = function(url, callback,
                                                         opt_params) {
      var method = opt_params && opt_params['method'] || 'GET';
      var body = opt_params && opt_params['body'] || null;
      var params = opt_params && opt_params['parameters'] || {};
      var headers = opt_params && opt_params['headers'] || {};
      var signedUrl = this.signURL(url, method, params);
      ChromeExOAuth.sendRequest(method, signedUrl, headers, body, function (xhr) {
        if (xhr.readyState == 4) {
          callback(xhr.responseText, xhr);

    For sure I can pass it explicitly like 'body', but I think in 99% none will bother himself with such details. So I propose by default not to be too smart in this case and just pass request.REQUEST to python-oauth2.

  2. Vladimir Mihailenco reporter

    Pull request:

    I have removed duplication and made code PEP-8 compliant. The biggest change is handling "application/x-www-form-urlencoded" requests. As I said:

    - Google Chrome does not check content_type at all. I did not check other implementations.

    - You are currently added quick fix for POST and not testserver environment, which is ugly + there are also PUT requests.

    - Parameters remain parameters whether they are urlencoded or JSON-encoded or whatever.

  3. David Larlet repo owner
    • changed status to open

    Hi Vladimir,

    Thanks for your bug report(s) and fixes. I'll take a look at your suggestions carefully. Are you sure that Google Chrome JavaScript is doing the right thing here? I wonder if it's standardized like that in the spec.

    Cheers, David

  4. Log in to comment