Issue is shown when using the following snippet:
import * as OAuth from 'oauth';
const manager = new OAuth.OAuth('', '', 'key', 'secret', '1.0', () => {}, 'HMAC-SHA1');
manager.signUrl('https://example.com?query=a&query=b')
I get the following result:
https://example.com/?oauth_consumer_key=key&oauth_nonce=<nonce>&oauth_signature_method=HMAC-SHA1&oauth_timestamp=<timetamp>&oauth_version=1.0&query[0]=a&query[1]=b&oauth_signature=<signature>
The problem is that [0] and [1] are added where they did not exist before. The issues with this are:
- the OAuth provider may not support array indexing using brackets so even URL encoding them will not work in this case (e.g. old .NET services might not, I have not personally encountered this but I know it is a possibility).
- these brackets do not work in Tomcat 8.5+ because they are not allowable characters based on RFC 7230 and RFC 3986 there's also a stackoveflow issue about this (this issue I have personally encountered after an OAuth service I rely on upgraded their Tomcat server).
Ideally this library should not modify the parts of the input url, only add the additional OAuth fields.
Issue is shown when using the following snippet:
I get the following result:
The problem is that [0] and [1] are added where they did not exist before. The issues with this are:
Ideally this library should not modify the parts of the input url, only add the additional OAuth fields.