Bug #47293 for Net-OAuth: Bug report Net::OAuth 0.16

Hello, Thanks for writing Net::OAuth! I've discovered a bug w.r.t. OAuth 1.0a support in Net::OAuth 0.16. (At least I think I have. I'm currently struggling with a massive head cold, so it's possible that this is all in my imagination.) The bug is in Net::OAuth::Message::from_hash. When from_hash checks parameter names against $class->all_message_params, $class has not yet been (possibly) mangled into the 1.0a version. This means that Net::OAuth::Message will not accept message parameters which are only in the 1.0a version of the message (regardless of the setting of $PROTOCOL_VERSION or the protocol_version argument.) (I hit this bug while trying to parse a 1.0a request token response.) Example: This code snippet: $Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A; my $resp = Net::OAuth->response('request token') ->from_post_body($http_response->content); will die with a message of "Parameter oauth_callback_confirmed not valid for a message of type Net::OAuth::RequestTokenResponse" (if the response includes an 'oauth_callback_confirmed' parameter.) There are many possible fixes. My suggestion for a fix would be to refactor your API a bit so that the class mangling happens earlier. I.e. eliminate the magical hidden reblessing in Net::OAuth::Message::new; and instead fixup Net::OAuth::message so that, e.g., Net::OAuth->response('request token' protocol_version = Net::OAuth::PROTOCOL_VERSION_1_0A) returns 'Net::OAuth::V1_0A::RequestTokenResponse'. Thanks again for your work. Cheers, Jeff Dairiki Shoreline, WA