OAuth 1 Signature is invalid because url's params containtsUnicode simbols

26 views
Skip to first unread message

Alexey Matushevsky

unread,
May 28, 2014, 8:34:48 AM5/28/14
to dotnet...@googlegroups.com
Hi

Have found and bug while working with twitter;

Trying to post simple tweet Text + Url - 
text with > 嫌 http://google.com

The text contains the japan symbols. this leads to the System.Uri strange behavior - the colons : are not escaped to %3A

text%20with%20%3E%20%E5%AB%8C%20http:%2F%2Fgoogle.com

This what HttpWebRequest sends to twitter

Authorization: OAuth oauth_token="2193937074-cgmZbmJIIb75f7MkQgbdjuvQaen2xzM1WFXXC7G",oauth_consumer_key="XVCgN3fkwzTGgeSm1FBa1Q",oauth_nonce="j56uVn4M",oauth_signature_method="HMAC-SHA1",oauth_signature="sQfBT6%2Fw0wOnmLJqE65auF0j1Iw%3D",oauth_version="1.0",oauth_timestamp="1401279416"
Content-Length: 0
Connection: Keep-Alive

Resonse

HTTP/1.1 401 Unauthorized
content-length: 63
content-type: application/json; charset=utf-8
date: Wed, 28 May 2014 12:17:03 UTC
server: tfe
set-cookie: guest_id=v1%3A140127942310556823; Domain=.twitter.com; Path=/; Expires=Fri, 27-May-2016 12:17:03 UTC
strict-transport-security: max-age=631138519

{"errors":[{"message":"Could not authenticate you","code":32}]}

The error mean that the request has wrong signature;


But if we manually change the colon to %3A in Fiddler and resend it via composer the result will successful

Authorization: OAuth oauth_token="2193937074-cgmZbmJIIb75f7MkQgbdjuvQaen2xzM1WFXXC7G",oauth_consumer_key="XVCgN3fkwzTGgeSm1FBa1Q",oauth_nonce="j56uVn4M",oauth_signature_method="HMAC-SHA1",oauth_signature="sQfBT6%2Fw0wOnmLJqE65auF0j1Iw%3D",oauth_version="1.0",oauth_timestamp="1401279416"
Content-Length: 0
Connection: Keep-Alive

It seams like the DNOA referring using the System.Uri.AbsoluteUri to create signature and the HttpWebRequest uses the PathAndQuery property.

Dose any one have met with this problem?
Reply all
Reply to author
Forward
0 new messages