Ticket #36 (closed defect: fixed)

Opened 11 months ago

Last modified 9 months ago

Fix OAuth security flaw in OAuth 1.0 spec

Reported by: http://blog.nerdbank.net/ Owned by: http://blog.nerdbank.net/
Priority: critical Milestone: v3.0.3
Component: OAuth Version: v3.0.0 RC1
Keywords: Cc:

Description

 http://oauth.net/advisories/2009-1

Change History

Changed 11 months ago by http://blog.nerdbank.net/

  • status changed from new to accepted
  • milestone changed from v3.0.1 to v3.0.2

Moving to v3.0.2 for final security fix.

Changed 10 months ago by http://blog.nerdbank.net/

  • milestone changed from v3.0.2 to v3.0.3

Changed 9 months ago by http://blog.nerdbank.net/

The OAuth 1.0a DRAFT 3 spec with a couple of minor changes is expected to be the final version. I've begun work to implement it.

Still unknown how interop across 1.0/1.0a versions of the spec will work with this library, if at all. Interop is certainly the goal.

Changed 9 months ago by http://blog.nerdbank.net/

OAuth 1.0a support and working samples are checked into the github OAuth10a branch.

A bit more polish and work on interop with OAuth 1.0 vs. 1.0a probably needs to be done.

Changed 9 months ago by http://blog.nerdbank.net/

  • status changed from accepted to closed
  • resolution set to fixed

Merged oauth10a branch into v3.0. We now have OAuth 1.0a compliance with OAuth 1.0 backward compatibility.

v3.0 e93faf90701f5bd7376535b32b92f059552b17b5

Note: See TracTickets for help on using tickets.