I've been writing an API for a little project I've been working on for a while,
and in searching for a not-horrible way to do OAuth1 authentication, I actually
found a Python library that doesn't suck.
Of course, it's not perfect. I noticed today that it doesn't actually handle
HTTP error responses - it doesn't even check the return code at all, just
assumes that any response it's given will be parseable. Which of course is not
at all true in many cases - including in mine.
So of course I've
forked it and am working on a fix.
Found another bug and made a pull request -
this time in the 'rauth' library, which does OAuth in a reasonable sane way.
Except for this issue - I still have no idea why they're trying to parse the
OAuth response with a utility used for parsing HTTP requests, but hey, I
guess if it works for them, fine. For me though, I need to replace their use of
json.loads(s.decode()) because my response is proper
JSON - shouldn't OAuth responses be JSON anyway?
Whatever, it's late.
Okay so it turns out I was doing silly things like not reading the OAuth spec
and the response should be a query-string type thing like
oauth_token=foo&oauth_token_secret=bar instead, which is what the library
parses just fine by default. Reading specs is a good plan, one I encourage
everyone to do.
My pull request is still valid though, if you really must break the spec, they
have the parser argument already, and it should work in a more sensible way.