ZF-9510: Zend Oauth Client prepareOauth() do not take into account post parameters

Issue Type: Bug Created: 2010-03-22T11:36:04.000+0000 Last Updated: 2010-04-29T06:51:46.000+0000 Status: Resolved Fix version(s): - 1.10.5 (26/May/10)

Reporter: cyril bele (kanjiroushi) Assignee: Pádraic Brady (padraic) Tags: - Zend_Oauth

Related issues: Attachments:



On zend_oauth_client prepareOauth() does not take into account the POST parameters when using schema Zend_Oauth::REQUEST_SCHEME_QUERYSTRING

Issue is that on the server side I use the server provided by oauth… and it takes into account these parameters thus having bad signature.

A fix is to add the post params in the computed signature

        $params = array();
        if (!empty($this->paramsGet)) {
            $params = array_merge($params, $this->paramsGet);
            $query  = $this->getToken()->toQueryString(
                $this->getUri(true), $this->_config, $params
        if (!empty($this->paramsPost)) {
            $params = array_merge($params, $this->paramsPost);
            $query  = $this->getToken()->toQueryString(
                $this->getUri(true), $this->_config, $params


Posted by Pádraic Brady (padraic) on 2010-04-28T09:10:08.000+0000

I'll need some time to check this out. My main concern is that if the ZF client works with other services, is the bug with ZF or with your server's implementation? I'll get back to you in a few days with a final comment on whether a fix will be needed or not.

Posted by Pádraic Brady (padraic) on 2010-04-29T06:51:17.000+0000

Fixed in r22050. Can the reporter confirm the fix works as needed when possible? Thanks!

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.