Get pr diff using oauth1 API returns 401 (BB-11086)

Issue #10239 closed
Roland Poulter
created an issue

I'm trying to get the diff of a pull request using one of the links that is returned from:

Which returns a link for getting a diff for the pull request:

But when I make this request with oauth authentication it returns a 401 status code? This url works fine when I use by bitbucket session from a browser, but not with oauth.


Comments (10)

  1. Erik van Zijst staff

    This is the result of a bug in OAuth's URL escaping logic that mistreats some characters.

    Nerdy explanation: The /diff URL returns a redirect to a URL compare view url that contains a colon, which in turn triggers a URL escaping inconsistency on the OAuth signature base string generation.

    A fix is underway and I'll update this ticket accordingly.

  2. Roland Poulter reporter

    I tried this using the app and using the oauth npm module. However I don't think this was the issue I was having. I was getting a 401 unauthorized status code, but only when I tried to get the diff, simply getting the PR worked fine in both cases. You seem to be right though about my library not supporting redirects:

    But it didn't get that far in both cases. Unless the route was returning a 401 status code when it should have returned a 3xx code.

  3. Roland Poulter reporter

    Do you know if the app has this bug or not? I can look into whether the npm oauth module has this problem or not. Thanks for pointing this out to me.

  4. Log in to comment