Here for the community? On May 9th, we'll be in New Orleans. Don’t miss out!
Works for me!
Library has moved on again since this patch was posted... will post a patch in a moment ...
Upping the priority, as this causes some serious breakages, for example auth failures on any installation which uses a non-standard port, due to client code signing with eg myhost.com:8080 and the older oauth.module lib validating against myhost.com:8080:8080 (see #1337718: OAuthRequest->http_url defaults to having the port twice! and a couple of other auth issues in the queue)
Sorry, I didn't realise that the final block of the patch wasn't new code in the library but in fact a change that is required for two-legged oauth to work. Sun's original patch still stands. Reposting sun's original patch here for clarity and resetting to previous RTBC status, but leaving the priority at major as there are known bugs with the existing older version.
Having said that, I'm not 100% sure that the oauth.module-specific change is entirely secure (referring to the only remaining difference between google's code and the bundled version here). It looks mainly ok, as it should then be down to calling code to determine whether an empty token is ok ... so I *think* it's ok, but would be good to track down where this difference came from to be sure.
The dev version of the module uses Libraries API, so instead of containing the library it expects it to be downloaded at sites/all/libraries/oauth/OAuth.php, which fixes this issue.
See #1591692: Replace current OAuth library for more details.
@juampy: Thanks! But btw, I hope you're not adding the Libraries API + oauth library dependency within an existing major version, as that would totally blow up sites that are merely updating from an earlier point release to a new.
Errrm, yes. It is currently at 7.x-3.0 and was going to be available at 7.x-3.1. I created 7.x-4.x to hold the migration to a better library.
Should I better use 7.x-4.x to implement Libraries API and 7.x-5.x for #1591692: Replace current OAuth library? If so, I will revert this work at 7.x-3.x and move those commits to 7.x-4.x.
Totally, I think. No one expects API changes and dependency additions in a point release ;)
OK, reopening in order to do these changes. Thanks for the feedback.
Updated library at Github for 7.x-4.x (using Libraries API):
Applied to 7.x-3.x: http://drupalcode.org/project/oauth.git/commit/6a41b0a
Applied to 6.x-3.x: http://drupalcode.org/project/oauth.git/commitdiff/1f260e0
Automatically closed -- issue fixed for 2 weeks with no activity.
Drupal is a registered trademark of Dries Buytaert.