summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs7
-rw-r--r--src/DotNetOpenAuth/OAuth/ChannelElements/OAuthChannel.cs1
2 files changed, 8 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs b/src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs
index d3f6878..b7168a7 100644
--- a/src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs
+++ b/src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs
@@ -362,6 +362,7 @@ namespace DotNetOpenAuth.Test.OAuth.ChannelElements {
{ "Name", "Andrew" },
{ "Location", "http://hostb/pathB" },
{ "Timestamp", XmlConvert.ToString(DateTime.UtcNow, XmlDateTimeSerializationMode.Utc) },
+ { "realm" , "someValue" },
};
IProtocolMessage requestMessage = this.channel.ReadFromRequest(CreateHttpRequestInfo(scheme, fields));
Assert.IsNotNull(requestMessage);
@@ -370,6 +371,12 @@ namespace DotNetOpenAuth.Test.OAuth.ChannelElements {
Assert.AreEqual(15, testMessage.Age);
Assert.AreEqual("Andrew", testMessage.Name);
Assert.AreEqual("http://hostb/pathB", testMessage.Location.AbsoluteUri);
+ if (scheme == HttpDeliveryMethods.AuthorizationHeaderRequest) {
+ // The realm value should be ignored in the authorization header
+ Assert.IsFalse(((IMessage)testMessage).ExtraData.ContainsKey("realm"));
+ } else {
+ Assert.AreEqual("someValue", ((IMessage)testMessage).ExtraData["realm"]);
+ }
}
}
}
diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthChannel.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthChannel.cs
index fe1f89c..d1d4f18 100644
--- a/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthChannel.cs
+++ b/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthChannel.cs
@@ -119,6 +119,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
// First search the Authorization header.
string authorization = request.Headers[HttpRequestHeader.Authorization];
var fields = MessagingUtilities.ParseAuthorizationHeader(Protocol.AuthorizationHeaderScheme, authorization).ToDictionary();
+ fields.Remove("realm"); // ignore the realm parameter, since we don't use it, and it must be omitted from signature base string.
// Scrape the entity
if (!string.IsNullOrEmpty(request.Headers[HttpRequestHeader.ContentType])) {
generated by cgit v1.1 at 2025-05-29 00:53:40 +0000