gomodule / oauth1 Goto Github PK

I'm working on a command line tool that fetches data from an oauth1 webserivce. The requests can be highly variable in duration. After getting my solution working with sequential requests, I'm now attempting to add some concurrency to reduce the execution time.

I've modified my code so that the client.Get requests are happening in a go routine where the client is supplied via a pointer argument (all go routines are using the same client). After a few runs against the web service it started giving me errors about the nonce being reused.

In my proxy I could see that early requests were supplying single digit nonce in the authorization header.

I've written this unit test that demonstrates what I'm experiencing.

func TestNonceInGoRoutine(t *testing.T) {
	nonces := make(chan string)

	var getNonce = func(nonces chan<- string) {
		nonces <- nonce()
	}

	count := 5

	for i := 0; i < count; i++ {
		go getNonce(nonces)
	}

	for i := 0; i < count; i++ {
		select {
		case n := <-nonces:
			fmt.Printf("nonce is %s, expected something longer\n", n)

			if len(n) < 8 {
				t.Fatalf("nonce is %s, expected something longer", n)
			}
		}
	}
}

I'm really new to GO so I may have the wrong idea.

• Can I create one client type and pass it around using pointers or should I be creating a new client for each request?
• Is the atomic code in nonce() providing thread safety, and I'm doing something else wrong?

I'm using GO version 1.7.3 on osx.

Should this read:

w.Write(encode(host, false))
w.Write(encode("/", false))
w.Write(encode(path, false))

No matter what I try to do all I get is this error message. Any thoughts as to why? I have everything installed and working correctly =(

It is impossible to make json requests because the methods require url.Values. You could leave those in for backwards compatibility and make the do function public and accept http.Request so the library would handle the authentication and the client code can build the request data in whatever format they need.

In terms of "http" package there is only ability to do PostForm. Correct?
If so, could you please answer is it possible to implement non-form Post by using go-oauth ?

Sadly, Dropbox wants the oauth_callback param on the Authorize endpoint, not the RequestToken. Would you be willing to augment your API to accomodate them?

I have a change in my local copy that I would happily give back, but it requires a change to the API, and you may want to proceed differently.

Let me know,

George

I would like to use Context when making HTTP requests.

https://golang.org/pkg/context/
https://golang.org/pkg/net/http/#Request.WithContext

// Fix existing methods.
func (c *Client) Post(ctx context.Context, client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error) {}

// Or add new method.
func (c *Client) PostContext(ctx context.Context, client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error) {}

I think it is better to modify existing methods.

I'm getting this error when trying one of the example:

Error getting temp cred, Post ~/oauth/request_token/: http.DefaultTransport and http.DefaultClient are not available in App Engine. See https://developers.google.com/appengine/docs/go/urlfetch/overview

I have got access token .How to do when I want post a json data to jira serve. I don't find the good api for me.

Hi,
Just wondering is it possible to do an 0-legged Oauth by your go-oauth?
saying i just get an API key / secret as the consumer key, without any token, is it possible to get the signed url with your go-oauth

when I click "Authorize" or "Sign in with twitter" I see the following error:

Error getting temp cred, OAuth server status 401, <?xml version="1.0" encoding="UTF-8"?>
<hash>
  <error>Desktop applications only support the oauth_callback value 'oob'</error>
  <request>/oauth/request_token</request>
</hash>

I've taken the Consumer Key and Consumer Secret from OAuth Settings under my Twitter Application and put them in config.json

In Twitter example, RequestToken() and RequestTemporaryCredentials() pass nil as first arg (http client), which causes a panic on 1.4.2

It should be http.DefaultClient like in other examples.

After i author with quickbook, i want to post a request to create a item. But i got a error like that
response: %s {"Fault":{"Error":[{"Message":"Unsupported Operation","Detail":"Operation Cannot consume content type is not supported.","code":"500"}],"type":"ValidationFault"},"time":"2017-03-28T23:27:58.219-07:00"}. Can you help check that ?

The following line adds both form and query parameters from the URL

This results in duplicate encoded parameters. Only either/or should be appended. This would also make the method simpler by requiring only the *url.URL since that would contain the query parameters instead of requiring it and the url.Values.

Is there planes to add RSA-SHA1 message signing. Right now I see that HMAC-SHA1 is hard-coded.

Thanks for great work with your library! It helped a lot with my projects, however there is one thing I could use some help with.

In the source it is mentioned that methods for post, get, put and delete are easy to use but not very flexible.

I have been trying to use the low level methods to make my own custom post method that could send a string inside the body with a correct signature.

I failed due to following reasons. I would have to rewrite SetAuthorizationHeader, then authorizationHeader, then oauthParams. This would basically require to rewrite the most low-level part of the module (correct me if I am wrong).

There is some information provided about RFC standard however if I understand it correctly it is about how to pass signature inside the body, not how to generate signature with additional information inside the body.

I would really appreciate some advises on that, also if there is no way to use this library for that I will be happy to contribute and help adding this functionality.

When plugging in my consumer key and secret and test the application it returns:

Error getting temp cred, OAuth server status 401, Failed to validate oauth signature and token

I haven't changed any other files.

Thanks.

According to twitter's own documentation, the token gotten from the temporary credentials URI should be verified with the token in the callback. This is currently not the case, and the token is just taken with the assumption they are identical.

I'm having some trouble using the library to request a url with a space in the path (it's a Dropbox content url, such as https://api-content.dropbox.com/1/files/sandbox/a text file.txt). I get basic request errors if I make the oauth request without escaping the space but if I pre-escape I get errors back from the Dropbox API about an invalid base url for the signature.

If you use GetFile on a filename using this Dropbox library, https://github.com/nickoneill/go-dropbox (which uses your oauth library), you can see what I mean. I can put together an example if you don't see the issue right away.

When you create the Authorization header , you set the oauth_consumer_key and oauth_token to the same value. Are you sure this is correct? For Twitter it expects the App key in oauth_consumer_key and the token in oauth_token, so the values should be different. Or maybe I am missing something?