Issue with OAuth and Enterprise Hosting #1
Comments
yrgoldteeth
pushed a commit
to isotope11/oauth
that referenced
this issue
Jun 13, 2012
Sort parameters
brodock
referenced
this issue
in brodock/oauth-ruby
Jun 21, 2013
Add a helper method to flatten nested params so that they can be used by...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I found a problem this week when trying the OAuth gem in the new Engine Yard Flex setup, but equally the problem could occur with any setup where the application using load balancing.
In this case I was using OAuth to verify an incoming OAuth signed request from Myspace. The request comes into the webserver and is promptly load balanced and the request forwarded onto another port. We attempt to verify the incoming request by constructing the signature_base_string from the HTTP method, the hostname and port, and the incoming params. Obviously at this point the port is no longer the original port its the port that it has been forwarded on from. Hence it will never verify as the base_string is different to the one constructed from the secret the incoming params, etc.
While I have a workaround for this, I would hope this behaviour could be catered for in some additional config somehow although I have no idea how at this time. I will however create a fork.
Cheers
RobL
The text was updated successfully, but these errors were encountered: