Issue #172 new

OAuth Http Headers Not Parsed Correctly

created an issue

I'm using piston with an iPhone application that uses the gtm-oauth library ( And after much investigation as to why I kept receiving 401 Parameter not found: oauth_consumer_key it looks like does not correctly handle the Authorization header (or HTTP_AUTHORIZATION from request.META).

gtm-oauth creates a header value that looks like this:

OAuth oauth_consumer_key="myKey", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_callback="http%3A%2F%2FOAuthCallback", oauth_nonce="4084080213831605494", oauth_timestamp="1291656230", oauth_signature="Ar03Ypzi42LI1rAHGwmQEDBArYM%3D"

Which parses incorrectly into a dictionary that has a key "OAuth oauth_consumer_key", NOT "oauth_consumer_key", this causes the get_parameter() method to fail.

I have modified (e.g. hacked) to remove "Oauth " from key names when parsing the header. But I believe this should be logged as a bug (but an one I suppose).

Comments (3)

  1. Anonymous


    I had the same problem. I was forced to edit as well because when it was trying to recreate the signature base string it included the "Oauth " in the headers which caused my signature to be different.

  2. Log in to comment