Skip to content
This repository has been archived by the owner on Apr 3, 2021. It is now read-only.

Custom parameters added to GetRequestString() are stripped off, resulting in wrong request #18

Open
MikelThief opened this issue Sep 4, 2019 · 2 comments

Comments

@MikelThief
Copy link

MikelThief commented Sep 4, 2019

Hello,

Every time I add my own set of parameters to OAuthRequest.GetAuthorizationQuery() they are stripped off the resulting query string. However, the signature is being calculated taking them into consideration. This results in wrong authorization query being returned.

I believe the issue exists since 2.X. The issue lies in line 214 of OauthRequest.cs as my parameters do not begin with oauth_ and I the official standard says nothing about such a restriction

@MikelThief MikelThief changed the title Custom parameters added to GetRequestString() are bing stripped resulting in wrong request Custom parameters added to GetRequestString() are stripped off, resulting in wrong request Sep 5, 2019
@rhargreaves
Copy link
Owner

I believe the GetAuthorizationQuery() method is only supposed to return those parameters that are added as part of the OAuth signing. You will need to append the output of that method to your existing URL to get a valid request URL.

See intended usage here:

// Using URL query authorization
string auth = client.GetAuthorizationQuery();
var url = client.RequestUrl + "?" + auth;
var request = (HttpWebRequest)WebRequest.Create(url);

(https://github.com/rhargreaves/oauth-dotnetcore/tree/7267b3a5f3085d05b8e779c6affb3e2be52e23cc#making-requests)

@MikelThief
Copy link
Author

Thank you for the answer :)

I currently use the library the following way (fieldString and nodeId are coming from the outside):

var additionalParametersDict = new Dictionary<string, string>
{
    {"fields", fieldsString},
    {"node_id", nodeId.ToString()}
};
return $"{UnderlyingOAuthRequest.RequestUrl}?" +
    UnderlyingOAuthRequest.GetAuthorizationQuery(parameters: additionalParametersDict);

I assumed that since the request string body and its authorization part (nonce) are bonded together should not really strip off parts of data which have real influence on the output.

Would you then recommend to use it like this (assuming ToQuery() method will create a query string of form a=b&c=d)?

var additionalParametersDict = new Dictionary<string, string>
{
    {"fields", fieldsString},
    {"node_id", nodeId.ToString()}
};
return $"{UnderlyingOAuthRequest.RequestUrl}?"
    + UnderlyingOAuthRequest.GetAuthorizationQuery(parameters: additionalParametersDict)
    + additionalParametersDict.ToQuery();

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants