Native American Heritage Month

Goodreads Developers discussion

151 views
feature requests > OAuth1 standards not met

Comments Showing 1-6 of 6 (6 new)    post a comment »
dateUp arrow    newest »

message 1: by Ethan (new)
Feb 19, 2016 04:56PM

Ethan | 4 comments According to the OAuth1 Implementation standards, section 6.1.2 (http://oauth.net/core/1.0a/#auth_step1), the request token and secret should be accompanied by `oauth_callback_confirmed` set to true. This is currently missing from your response. I'd like to see this implemented.


message 2: by Jeff (last edited Mar 18, 2016 04:24PM) (new)
Mar 18, 2016 04:23PM

Jeff (jeffwong) | 75 comments Mod
Hi Ethan, thanks for your bug report. We appreciate your looking into this. Is this causing you any other problems with the API?


message 3: by Ethan (new)
Mar 18, 2016 04:25PM

Ethan | 4 comments No problems at all, actually - just the documented standards, so minor note at best.


message 4: by Денис (new)
Feb 21, 2019 11:33PM

Денис Старк | 1 comments Jeffrey wrote: "Hi Ethan, thanks for your bug report. We appreciate your looking into this. Is this causing you any other problems with the API?"
Hi Jeffrey, in flutter Oauth1 plugin oauth_callback_confirmed is expected and throw exception if missing. Please implement it.

See:
https://pub.dartlang.org/documentatio...


message 5: by Connor (new)
Aug 06, 2020 11:56AM

Connor | 1 comments +1 here.

Golang package dghubble/oauth1 requires this property to be set to true.

See:
https://github.com/dghubble/oauth1


message 6: by Alex (new)
Sep 12, 2020 11:42AM

Alex | 4 comments For those wondering, the "oauth_callback_confirmed" is required for OAuth 1.0a, not OAuth 1.0. Goodreads, as far as I can tell, uses 1.0.

This does make it potentially susceptable to session fixation https://oauth.net/advisories/2009-1/


back to top

8095

Goodreads Developers

Group Home Bookshelf Discussions
Photos Videos
Send invite Members Polls
unread topics | mark unread