OAuth Core 1.0 Revision A Compatibility about oauth-php HOT 25 CLOSED

Is anyone working on this? I need 1.0A compatibility.

Y.

Revision 1.0A support is on our list of "things to do as soon as possible."

Though the engineer working on it is currently on holiday.  He will be back 
soon, I'll keep you posted on 
progress.

If he'd like to see an example:

http://svn.codehaus.org/spring-security-oauth/trunk/spring-security-oauth/src/ma
in/java/org/springframework/security/oauth/provider/verifier/RandomValueInMemory
VerifierServices.java

http://svn.codehaus.org/spring-security-oauth/trunk/spring-security-oauth/src/ma
in/java/org/springframework/security/oauth/provider/verifier/

Hey, will we see this implemented any time soon or do I have to fix it myself? 
:) 
Thanks!

Does anyone know what changed in de specification revision 1.0A, maybe we can 
help 
you with some fixes?

outh_verifier was added to avoid Man-in-the-middle attacks.

I'm looking into this. Did anybody write a patch yet? If so, please post and 
I'll
verify it and add to the next release.

Note: somebody promised a patch. As soon as I get it, I'll add to the SVN and 
release
a new version.

Has anything been done on this?

I've been promised a patch by alexheimburger (see the wiki comments) but he has 
not
sent it yet. I currently lack the time to make the fix from scratch, so if 
anybody
would be willing to do it, I'd appreciate it, test it and package it...

Hi everybody.

I've just emailed the patch to Bruno. Here is the mail I've just sent him.

Note that the patch has been coded against r64.

Hi Bruno,

I'm so sorry for being so late. Maybe you already have patched your version.

Anyway, here is my complete version of the oauth library and a diff file if you 
want
to patch.

Basically, I've added the oauth_verifier verification and a change in the 
callback
management.

You can track my changes by searching Compatibility in the source code.

Hope this helps. Happy coding :)

Alex

Here is the patch.

Alex, thank you very much :) 

I'll add the patch to the SVN as soon as possible and release a new version.

Cool :) 

By the way, we use the library in our day to day work in my company (blueKiwi
Sofware) and it rocks !

The regular patch -pnum <patchfile doesn't apply that patch. Could you make that
patch with diff -u I'm having trouble applying.

The patch won't apply, as it was made against r64 and several changes happened 
since.
I just committed release 102, which has this patch manually applied and revised.

Please let me know if it doesn't work to somebody. This is test code and should 
not
be used on production yet.

@alexheimburger: it seems you define a new field ost_verifier on TABLE
oauth_server_token, which from the code seems to be a 10-char long string, so I
defined it in the SQL as char(10). Anything else to add about this? Any other 
changes
to the DB schema?

Has anyone tested the new code yet? Any success or failure reports would be
appreciated. Thanks.

As changes are made to the database schema, it'd be good if the ALTER 
statements could be kept up-to-date as 
well.  It looks like it started happening at the top of this file, but hasn't 
been happening recently. 
http://code.google.com/p/oauth-php/source/browse/trunk/library/store/mysql/mysql
.sql

Also, I believe Google Code allows for code reviews -- you may consider turning 
those on to get additional 
feedback for each commit.

Right now it seems that the mysql.sql file is not up-to-date with the code.  I 
get a "Unknown column 
'ost_callback_url' in 'field list'"

Fixed comments #18 and #19. Thanks for the suggestion, I'll check the code 
review
feature.

There seems to be a bug in the signature verification code, possibly caused by 
the
1.0a changes. I'm looking into it.

Did someone test this? Does it work?

I have tested. It seems to be 1.0a compatible -- I tested with other oauth 
clients and it worked. But I'd welcome more tests.

If nothing is found by July 1st, I'll consider this one closed and post a new 
release.