Issue #55 resolved

Non-http OAuth callback urls not accepted

Benoit Garret
created an issue

I'm working on an android app and using an api created by piston.

I tried to pass a callback URL, of the form {{{tomdroid://sync}}}, to the request token endpoint to have my application raised automatically at the end of the authorization process.

The problem is, an error "Access not granted by user." was returned, even though I correctly filled the authorization form. The OAuthAuthenticationForm.oauth_callback field (in piston/forms.py) is defined as an URLField, resulting in an error when trying to validate it with this kind of non-http URL.

I fixed this by changing its type to CharField and this works fine for me.

Comments (7)

  1. Jesper Nøhr repo owner
    • changed status to open

    Cool that you're using it with Android :-)

    It's an URLField, as we didn't think anyone would use anything else :-) I'll add your name to AUTHORS.txt, so in case you'd like that, I'd need your full name.

  2. Benoit Garret reporter

    Filled in my full name in the site profile, I would find it extremely cool to be in the authors without knowing anything about python :-) .

    While you're reading this, can I shamelessly ask you to take a quick look at #56?

  3. Benoit Garret reporter
    • changed status to open

    Sorry to insist on this one, but the fix I described in the first post doesn't look like it has been merged into the main branch. Do you want a patch for this one?

    It's indeed very cool to see my name in AUTHORS, but that's not why I filed this bug ;-)

  4. Jesper Nøhr repo owner

    Applied, thanks.

    Next time, commit your change as a changeset locally, and use "hg export" to generate a patch. That way I can import the changeset directly, and retain your timestamp/username/commit message.

  5. Log in to comment