Today, we tried to update the oauth rruby gem from 0.2.7 to 0.3.1 and
we ran into a bit of a bug. We noticed that if you try to do a
consumer request with a blank token, the token parameter gets
dropped out of the request. According to section 7 of the OAuth spec
(http://oauth.net/core/1.0/#anchor13), requests to protected resources
always have to contain certain parameters (even if they're blank).
We think we traced where the oauth_param is being dropped out. It
appears to be the oauth_parameters method in helper.db
(http://github.com/pelle/oauth/blob/ce9caa2a7ffd03a35023b0dc5bf0b1777fa4ac62/lib/oauth/client/helper.rb
lines 33-42). If a value is blank in here, it's rejected.
Of course, we're not that familiar with the code so it could be
happening somewhere else, but hopefully this gives you guys a head up.
Thanks, and keep up the good work!
Fredric Carl