9:25pm on Apr 29, 2014
I've been writing an API for a little project I've been working on for a while, and in searching for a not-horrible way to do OAuth1 authentication, I actually found a Python library that doesn't suck.
Of course, it's not perfect. I noticed today that it doesn't actually handle HTTP error responses - it doesn't even check the return code at all, just assumes that any response it's given will be parseable. Which of course is not at all true in many cases - including in mine.
So of course I've forked it and am working on a fix.
12:37am on Apr 25, 2014
Found another bug and made a pull request - this time in the 'rauth' library, which does OAuth in a reasonable sane way.
Except for this issue - I still have no idea why they're trying to parse the OAuth response with a utility used for parsing HTTP requests, but hey, I guess if it works for them, fine.
For me though, I need to replace their use of parse_utf8_qsl(s) with json.loads(s.decode()) because my response is proper JSON - shouldn't OAuth responses be JSON anyway?
Whatever, it's late.
Okay so it turns out I was doing silly things like not reading the OAuth spec and the response should be a query-string type thing like oauth_token=foo&oauth_token_secret=bar instead, which is what the library parses just fine by default. Reading specs is a good plan, one I encourage everyone to do.
My pull request is still valid though, if you really must break the spec, they have the parser argument already, and it should work in a more sensible way.