Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
OAuth
Home
+ new post
Pages
Files
About this group
Join this group
Message from discussion percent encoding of parameters
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Jesse Clark  
View profile  
 More options Jul 14 2008, 7:45 pm
From: Jesse Clark <je...@jesseclark.com>
Date: Mon, 14 Jul 2008 16:45:52 -0700
Local: Mon, Jul 14 2008 7:45 pm
Subject: percent encoding of parameters
Forward | Print | View thread | Show original | Report this message | Find messages by this author
I have been running into issues with encoding spaces in parameters for  
Signature Base Strings and would like to reraise the issue with the  
group.

Here is a link to the most relevant discussion we have had previously  
if you would like to refresh your memory: http://groups.google.com/group/oauth/browse_thread/thread/a8398d0521f...

The specific problem that I am encountering right now is that the  
Ruby, PHP,  and Objective-C OAuth libraries handle percent encoding of  
incoming parameters differently.

In the Ruby library all parameters are percent encoded with '+' chars  
being converted to space encodings ( '%20' ), in the PHP lib  
parameters containing '+'s are left as is.

So, the resulting signature base strings for a query parameter key/
value pair of: c=hi+there would come out in the SBS as follows for  
each lib:

Ruby:        c%3Dhi%2520there
PHP:         c%3Dhi%25Bthere

The Objective-C lib behaves like the PHP lib except it doesn't seem to  
be encoding the % of the %2B a second time per section 9.1.3 so the  
resulting part of the SBS looks like:
c%3Dhi%2Bthere

So, I would like to know which approach is correct? Should a '+' in a  
query string get decoded to a space first ( as is a common practice )  
and then percent encoded to %20 per RFC 3986, or should our libs leave  
the '+' as is and encode it as %2B?

Also, I wonder if it might be slightly more clear if section 5.1 of  
the spec ( http://oauth.net/core/1.0/#encoding_parameters ) read: "All  
request parameter names and values..." instead of "All parameter names  
and values..." just to further clarify that all query part of form  
encoded name values including the OAuth Protocol Params must be escaped.

-Jesse


    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2010 Google