Home/ Questions/Q 8448413
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T10:25:15+00:00

When implementing OAUTH, I have the following problem. When creating the signature base, should

  • 0

When implementing OAUTH, I have the following problem. When creating the signature base, should encoded parameters be encoded again or should encoded parameters be left out of the encoding when normalizing parameters?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It seems you need to apply double encoding when I read the documentation:

    For example, the HTTP request:

       POST /request?b5=%3D%253D&a3=a&c%40=&a2=r%20b HTTP/1.1
   Host: example.com
   Content-Type: application/x-www-form-urlencoded
   Authorization: OAuth realm="Example",
                  oauth_consumer_key="9djdj82h48djs9d2",
                  oauth_token="kkk9d7dh3k39sjv7",
                  oauth_signature_method="HMAC-SHA1",
                  oauth_timestamp="137131201",
                  oauth_nonce="7d8f3e4a",
                  oauth_signature="djosJKDKJSD8743243%2Fjdk33klY%3D"

   c2&a3=2+q

    contains the following (fully decoded) parameters used in the
    signature base sting:

               +------------------------+------------------+
           |          Name          |       Value      |
           +------------------------+------------------+
           |           b5           |       =%3D       |
           |           a3           |         a        |
           |           c@           |                  |
           |           a2           |        r b       |
           |   oauth_consumer_key   | 9djdj82h48djs9d2 |
           |       oauth_token      | kkk9d7dh3k39sjv7 |
           | oauth_signature_method |     HMAC-SHA1    |
           |     oauth_timestamp    |     137131201    |
           |       oauth_nonce      |     7d8f3e4a     |
           |           c2           |                  |
           |           a3           |        2 q       |
           +------------------------+------------------+

    Note that the value of “b5” is “=%3D” and not “==”. Both “c@” and
    “c2” have empty values. While the encoding rules specified in this
    specification for the purpose of constructing the signature base
    string exclude the use of a “+” character (ASCII code 43) to
    represent an encoded space character (ASCII code 32), this practice
    is widely used in “application/x-www-form-urlencoded” encoded values,
    and MUST be properly decoded, as demonstrated by one of the “a3”
    parameter instances (the “a3” parameter is used twice in this
    request).

    • 0