OAuth - Added Body Signing
I just published a new version of our OAuth server and consumer code. The major addition to this version is support for body signing
The body signing is done using the xoauth_body_signature and the optional xoauth_body_signature_method parameters.
These parameters are calculated and added to base string for the main oauth_signature calculation. As such the body is signed and the base string is not lengthened with the complete body.
Body signing is now supported for:
• HTTP PUT requests
• HTTP POST requests with a mime type other than application/x-www-form-urlencoded and multipart/form-data
Whenever you make a POST with a body other than the above two mime types, then the POST parameters are added as a query string to the request url. In this way we can transport a file in the body of the POST and additional parameters in the query string. This is practical as OAuth still doesn't support multipart/form-data requests.
You can download the new version
The future
Next will be the addition of OAuth discovery. I am looking forward to the finished discovery specs, Eran said that they will be simpler than the first draft!
We still need to make the code completely independent of the anyMeta code. This is a nice project for when everything is tested and stable. Any volunteers?
mediamatic release code php download opensource oauth gpl taintedarray fixes
A PHP library for OAuth consumers and servers. Complete with an extensible OAuth store, includi...
When using memcache we bumped into some problems. The major one was that we needed to invalidate...
We just wrapped up the 3.1.2 release of anyMeta. We made q...
After seeing the BiD Network competition come to a succes...
We just released anyMeta 3.1.3 and updated our servers to work with this new version. The sites...
Using the OAuth code we published earlier, we created an online test se...
php download gpl code technical opensource library memcache memcached oauth
A PHP library for OAuth consumers and servers. Complete with an extensible OAuth store, includi...
Here is the full implementation of OAuth for anyMeta. For now we...
When using memcache we bumped into some problems. The major one was that we needed to invalidate...
Verso Wiki is a Wiki to HTML and HTML to Wiki markup translator. We use this W...
All Internet applications have to secure their inner workings against attacks from outside. We a...
There is a new and better version of this memcached clone. Please check ou...
download opensource gpl php code technical oauth mediamatic library versowiki
A PHP library for OAuth consumers and servers. Complete with an extensible OAuth store, includi...
Here is the full implementation of OAuth for anyMeta. For now we...
When using memcache we bumped into some problems. The major one was that we needed to invalidate...
Verso Wiki is a Wiki to HTML and HTML to Wiki markup translator. We use this W...
taintedarray release mediamatic tainted security injection php technical ruby hacking
After seeing the BiD Network competition come to a succes...
We just released anyMeta 3.1.3 and updated our servers to work with this new version. The sites...
All Internet applications have to secure their inner workings against attacks from outside. We a...