← Back to team overview

tomdroid-dev team mailing list archive

Re: tomdroid oauth / oauth_verifier not sent


Hi again,

> I'm implementing my own tomboy rest api sync server based on owncloud.
> It works fine for tomboy, but I fail to authorize tomdroid 0.7.5.
> The server redirects to
> > tomdroid://sync?oauth_token=foo&oauth_verifier=bar
> and then tomdroid tries to fetch the access token.
> Why is oauth_verifier missing?

Tomdroid uses signpost as oauth library. This lib detected our
server as OAuth 1.0 and not 1.0a because callback_confirmed was "TRUE"
instead of "true".

OAuth 1.0 does not have the verifier parameter, so it was ignored
and not sent to our server.
The OAuth RFC 5849 specifies in section 2.1:
    MUST be present and set to "true".
TRUE is not true, so we failed to implement the spec correctly.

With that fixed, tomdroid authorizes fine with grauphel.
Syncing still bails out, but that's another problem :)

Without access to the source code of both tomdroid and signpost I would
not have been able to find the error. Open source ftw.

Regards/Mit freundlichen Grüßen
Christian Weiske

-=≡ Geeking around in the name of science since 1982 ≡=-

Attachment: signature.asc
Description: PGP signature

Follow ups