| Subject: | signature_base_string does not compile the correct string for RSA signatures |
According to the spec's the base string used for signature's needs to
only be a subset of the headers and sorted. The current base_string
seems to end up including things like user_agent. I've overridden
signature_base_string to better match the spec.
Spec:
http://oauth.net/core/1.0a/#anchor13
Modified Code:
{
no warnings;
*Net::OAuth::Message::signature_base_string = sub{
my $self = shift;
use Util::Log;
# build up non-body parts like the standard sig_base_string
my @base_string_parts = map{ $self->$_ } grep{ $_ ne
'normalized_message_parameters' } @{$self->signature_elements};
my $NMP = $self->normalized_message_parameters;
# now break apart the message so we can muttle with it
my %message = split /[&=]/, $self->normalized_message_parameters;
# build up a string that only contains oauth (and scope) stuff,
sorted
my $NMP = join '&', map{join '=', $_ => $message{$_}} sort
grep{m/^(?:oauth|scope)/} keys %message ;
# now use that to build out the base_string
return join '&', map{Net::OAuth::Message::encode($_)}
@base_string_parts, $NMP;
};
}