Uploaded image for project: 'Spring Social'
  1. Spring Social
  2. SOCIAL-274

change some OAuth 1 classes to handle non-standard OAuth 1 implementations



      When implementing a Spring Social client ( http://github.com/sdouglass/spring-social-tumblr ) for the Tumblr API ( http://www.tumblr.com/docs/en/api/v2 ) I ran into the following issues:

      1. Tumblr expects the request entity-body to be encoded using Latin 1, not UTF-8.
      2. The request entity-body must then be decoded using Latin 1, not UTF-8, during the OAuth 1 signing process.
      3. Tumblr also expects the request parameter names and values to be "Percent Encoded" ( http://tools.ietf.org/html/rfc5849#section-3.6 ) using Latin 1, not UTF-8, during the OAuth 1 signing process.

      I could address issue #1 by calling setCharset("LATIN1") on the FormHttpMessageConverter instance in the RestTemplate.

      However, I could not easily address issues #2 and #3 because I could not customize the behavior of org.springframework.social.oauth1.SigningSupport the way I needed to.

      SigningSupport uses the same hard coded character set (UTF-8) for URL decoding, for OAuth percent encoding, and for OAuth signature generation.

      It would be more flexible if it had three fields, "urlDecodingCharsetName", "percentEncodingCharsetName", and "signatureGenerationCharsetName" with corresponding setter methods. That would allow implementations dealing with non-standard APIs to change the character sets used by calling the setters. The fields could all be initialized to the existing UTF8_CHARSET_NAME constant so that existing implementations would all continue working as they do now.

      Two methods would have to be changed from static to non-static to use those new fields: "oauthEncode()" and "formDecode()"

      To be able to access the SigningSupport instance to customize it, it would be necessary to make org.springframework.social.oauth1.OAuth1RequestInterceptor public, and to add a getter for the "signingUtils" field.

      That way a third party library could call getInterceptors() on the RestTemplate instance, find the OAuth1RequestInterceptor, and customize its SigningSupport instance.




            • Assignee:
              habuma Craig Walls
              sdouglass Sam Douglass
            • Votes:
              2 Vote for this issue
              1 Start watching this issue


              • Created: