Bug #66632 for Catalyst-Authentication-Credential-OAuth: Defaulting to OAuth 1.0 breaks Twitter support

Tue Mar 15 08:55:23 2011 jpasche [...] jonaspasche.com - Ticket created

Subject:	Defaulting to OAuth 1.0 breaks Twitter support
Date:	Tue, 15 Mar 2011 13:55:07 +0100
To:	bug-Catalyst-Authentication-Credential-OAuth [...] rt.cpan.org
From:	Jonas Pasche <jpasche [...] jonaspasche.com>

Hi there, using version 0.03 I find the following line commented out in OAuth.pm: #$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A; Later in the code, the following snippet can be found: sub authenticate { ... my %defaults = ( ... oauth_version => '1.0a', ... ); ... } However I don't see how this is meant to work. The current version of Net::OAuth (0.27) states that setting $Net::OAuth::PROTOCOL_VERSION is still the way to go: http://search.cpan.org/perldoc?Net%3A%3AOAuth#OAUTH_1.0A Leaving OAuth.pm unchanged, authenticating using Twitter fails with the following message: 2011-03-15 13:16:53.869052500 [error] Caught exception in Demo::Controller::Login->oauth "Parameter oauth_callback_confirmed not valid for a message of type Net::OAuth::RequestTokenResponse at /home/jonas/perl5/lib/perl5/Catalyst/Authentication/Credential/OAuth.pm line 111" Setting $Net::OAuth::PROTOCOL_VERSION to the 1.0a protocol version in OAuth.pm simply makes things work. This is a bit amazing because the "Bugs" section of the docs say "Only tested with twitter" while exactly that does _not_ work out of the box. :-) Now that Catalyst::Authentication::Credential::OAuth is a generic OAuth module, I'd appreciate to support both 1.0 and 1.0a providers. The section in the Net::OAuth docs mentioned above provides a code snippet which tries 1.0a authentication and automatically issues a fallback to 1.0 if that fails. Are there any chances to incorporate something like this into the Catalyst plugin? Jonas

Download signature.asc
application/pgp-signature 198b

Message body not shown because it is not plain text.

Tue Mar 22 04:27:44 2011 bobtfish [...] bobtfish.net - Correspondence added

On Tue Mar 15 08:55:23 2011, jpasche@jonaspasche.com wrote: Show quoted text

> Now that Catalyst::Authentication::Credential::OAuth is a generic > OAuth > module, I'd appreciate to support both 1.0 and 1.0a providers. The > section in the Net::OAuth docs mentioned above provides a code snippet > which tries 1.0a authentication and automatically issues a fallback to > 1.0 if that fails. Are there any chances to incorporate something like > this into the Catalyst plugin?

Hi Jonas. Sorry for the delayed response here. I'm not actually using this code myself - is there any chance that you could have a play around and come up with a patch to fix this? I'd be extremely happy to review / release it if you can. Cheers Tomas

Tue Mar 22 04:27:45 2011 The RT System itself - Status changed from 'new' to 'open'

Tue Mar 22 04:35:22 2011 COSMIN [...] cpan.org - Correspondence added

Sorry for the very late reply, I'm actually using the code(but yes, sometime along the lines don't know what happened. I'm working on the new version that should support 1.0 and 1.0a, and testing with more then twitter. So far I've been successful with twitter and google. Also, adding extra_params support to it, because some services do require it ( see google ) I didn't had much time to finish it tho, but in a few days I think it will be ready. On Tue Mar 15 08:55:23 2011, jpasche@jonaspasche.com wrote: Show quoted text

> Hi there, > > using version 0.03 I find the following line commented out in > OAuth.pm: > > #$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A; > > Later in the code, the following snippet can be found: > > sub authenticate { > ... > my %defaults = ( > ... > oauth_version => '1.0a', > ... > ); > ... > } > > However I don't see how this is meant to work. The current version of > Net::OAuth (0.27) states that setting $Net::OAuth::PROTOCOL_VERSION is > still the way to go: > > http://search.cpan.org/perldoc?Net%3A%3AOAuth#OAUTH_1.0A > > Leaving OAuth.pm unchanged, authenticating using Twitter fails with > the > following message: > > 2011-03-15 13:16:53.869052500 [error] Caught exception in > Demo::Controller::Login->oauth "Parameter oauth_callback_confirmed not > valid for a message of type Net::OAuth::RequestTokenResponse > at >

/home/jonas/perl5/lib/perl5/Catalyst/Authentication/Credential/OAuth.pm Show quoted text

> line 111" > > Setting $Net::OAuth::PROTOCOL_VERSION to the 1.0a protocol version in > OAuth.pm simply makes things work. This is a bit amazing because the > "Bugs" section of the docs say "Only tested with twitter" while > exactly > that does _not_ work out of the box. :-) > > Now that Catalyst::Authentication::Credential::OAuth is a generic > OAuth > module, I'd appreciate to support both 1.0 and 1.0a providers. The > section in the Net::OAuth docs mentioned above provides a code snippet > which tries 1.0a authentication and automatically issues a fallback to > 1.0 if that fails. Are there any chances to incorporate something like > this into the Catalyst plugin? > > Jonas

Tue Mar 22 04:35:35 2011 COSMIN [...] cpan.org - Taken

Sun Aug 07 15:01:06 2011 bobtfish [...] bobtfish.net - Requestor ps@phillipadsmith.com added

Sun Aug 07 15:01:19 2011 bobtfish [...] bobtfish.net - Requestor BOBTFISH added

Sun Aug 07 15:02:49 2011 bobtfish [...] bobtfish.net - Correspondence added

On Tue Mar 22 04:35:22 2011, COSMIN wrote: Show quoted text

> I didn't had much time to finish it tho, but in a few days I think it > will be ready.

Hiya Cosmin. There are a couple of extra people hassling us about this (whom I have cc'd in).. Can you commit what you have (even if you don't have any time to finish tidying it up), so that we can get a working new version released ASAP, as people want to use and blog about it? TIA Cheers t0m