Request #59825 Support for OAUTH_SIG_METHOD_RSASHA1 in provider?
Submitted: 2011-06-21 16:50 UTC Modified: 2011-07-12 05:18 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: fkooman at tuxed dot net Assigned:
Status: Open Package: oauth (PECL)
PHP Version: 5.3.6 OS: Linux
Private report: No CVE-ID: None
 [2011-06-21 16:50 UTC] fkooman at tuxed dot net
Description:
------------
As far as I know it is not possible to use OAUTH_SIG_METHOD_RSASHA1 in the provider.

This is needed in the case of iGoogle where gadgets.io.AuthorizationType.SIGNED is set when a request is made. The request is signed with Google's private RSA key. 

I guess it would be needed to have some way to assign a certificate instead of just a secret with ($provider->consumer_secret), but instead now a $provider->consumer_public_key or something.

Am I missing something, is this already possible? It seems the OAuth consumer in PECL OAuth can do RSA requests...


 [2011-07-12 05:18 UTC] fkooman at tuxed dot net
Would it be as "easy" as looking at $provider->signature_method and comparing it with RSA-SHA1? If it matches, interpret the $provider->consumer_secret as a public key certificate?

That would then require validating (instead of signing and comparing values with HMAC-SHA1) I guess...

What would be the best approach to fix this? I was looking into the code, but not sure where to start...
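
Added example, not part of the report and not PECL oauth code: a userland sketch of the two verification paths the comment above contrasts, recompute-and-compare for HMAC-SHA1 and public-key verification for RSA-SHA1. The `$consumer` record, function names, key pair, URL and parameters are all constructed for illustration; the signature method is taken from the provider's own consumer record so that a stored public key is never treated as an HMAC secret, and nonce/timestamp replay checks are out of scope.

```php
<?php
// Added example, not PECL oauth code. Keys, URL and request values are constructed.
// Assumes $url is already the normalized base URL and parameter names are unique.
function base_string(string $method, string $url, array $params): string {
    unset($params['oauth_signature']);            // the signature is never part of the signed text
    ksort($params, SORT_STRING);                  // byte-order sort by parameter name
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = rawurlencode($k) . '=' . rawurlencode($v);
    }
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
}

// $consumer is a hypothetical provider-side record: ['method' => ..., 'key' => ...].
function verify_request(array $consumer, string $method, string $url, array $params): bool {
    // The method comes from the consumer record, not from the request alone,
    // so a stored public key is never used as an HMAC secret.
    if (($params['oauth_signature_method'] ?? '') !== $consumer['method']) {
        return false;
    }
    $sig = base64_decode($params['oauth_signature'] ?? '', true);
    if ($sig === false || $sig === '') {
        return false;
    }
    $base = base_string($method, $url, $params);
    if ($consumer['method'] === 'HMAC-SHA1') {
        // Shared secret: recompute the MAC and compare in constant time (empty token secret).
        $mac = hash_hmac('sha1', $base, rawurlencode($consumer['key']) . '&', true);
        return hash_equals($mac, $sig);
    }
    if ($consumer['method'] === 'RSA-SHA1') {
        // Public key: the provider cannot recompute the signature, only verify it.
        return openssl_verify($base, $sig, $consumer['key'], OPENSSL_ALGO_SHA1) === 1;
    }
    return false;
}

// Constructed demo: a throwaway RSA key pair stands in for the consumer's signing key.
$priv = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$consumer = ['method' => 'RSA-SHA1', 'key' => openssl_pkey_get_details($priv)['key']];
$url = 'https://provider.example/api/profile';
$params = ['oauth_consumer_key' => 'demo-gadget', 'oauth_nonce' => 'n-1', 'oauth_timestamp' => '1310447880',
           'oauth_signature_method' => 'RSA-SHA1', 'user' => 'alice'];
openssl_sign(base_string('GET', $url, $params), $raw, $priv, OPENSSL_ALGO_SHA1);
$params['oauth_signature'] = base64_encode($raw);
echo 'signed request:   ', var_export(verify_request($consumer, 'GET', $url, $params), true), "\n";
$params['user'] = 'mallory';                      // parameter changed after signing
echo 'modified request: ', var_export(verify_request($consumer, 'GET', $url, $params), true), "\n";
$params['oauth_signature_method'] = 'HMAC-SHA1';  // declared method differs from the record
echo 'method mismatch:  ', var_export(verify_request($consumer, 'GET', $url, $params), true), "\n";
```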
 