|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #59825 Support for OAUTH_SIG_METHOD_RSASHA1 in provider?
Submitted: 2011-06-21 16:50 UTC Modified: 2011-07-12 05:18 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: fkooman at tuxed dot net Assigned:
Status: Open Package: oauth (PECL)
PHP Version: 5.3.6 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2011-06-21 16:50 UTC] fkooman at tuxed dot net
As far as I know it is not possible to use OAUTH_SIG_METHOD_RSASHA1 in the provider.

This is needed in the case of iGoogle where is set when a request is made. The request is signed with Google's private RSA key. 

I guess it would be needed to have some way to assign a certificate instead of just a secret with ($provider->consumer_secret), but instead now a $provider->consumer_public_key) or something.

Am I missing something, is this already possible? It seems the OAuth consumer in PECL OAuth can do RSA requests...


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-07-12 05:18 UTC] fkooman at tuxed dot net
Would it be as "easy" as looking at $provider->signature_method and comparing it with RSA-SHA1. If it matches, interpret the $provider->consumer_secret as a public key certificate?

That would then require validating (instead of signing and comparing values with HMAC-SHA1) I guess...

What would be the best approach to fix this? I was looking into the code, but not sure where to start...
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat May 18 00:01:33 2024 UTC