Forum OpenACS Development: Strict RFC 3986 url encoding

Collapse
1: Strict RFC 3986 url encoding
Posted by Guan Yang on 04/15/09 10:04 PM

While implementing client support for OAuth authentication for Twitter, I needed a url encoding procedure that strictly conforms to RFC 3986, which ns_urlencode and ad_urlencode do not. This is necessary for the HMAC signatures used in OAuth. RFC 3986 only has four reserved characters apart from ASCII letters and numbers: _.-~

Here's the code I used, in case anyone else needs it in the future: 

    set enc [ns_urlencode $string]
    set enc [string map -nocase {%2d - %5f _ %2e . + %20 %7e ~} $enc]

    # Capitalize
    set map [list]
    foreach {m c} [regexp -all -inline {%([a-f][0-9a-f]|[0-9a-f][a-f])} $enc] {
        if { ![info exists matched($m)] } {
            lappend map $m [string toupper $m]
            set matched($m) ""
        }
    }
    set enc [string map $map $enc]

There's probably a better way of capitalizing the codes.

Collapse
2: Re: Strict RFC 3986 url encoding (response to 1)
Posted by Dave Bauer on 10/21/10 10:50 PM
Hmmm

Reading the RFC

reserved = gen-delims / sub-delims

gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"

sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="

It looks like all those are reserved.

Do you have a reference to what reserved characters you are referring to?

Thanks
Dave

Collapse
3: Re: Strict RFC 3986 url encoding (response to 2)
Posted by Guan Yang on 10/21/10 10:55 PM
I think I should have said “unreserved characters”. They are in section 2.3:

unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
Collapse
4: Re: Strict RFC 3986 url encoding (response to 1)
Posted by Dave Bauer on 10/21/10 11:07 PM
Ah ok that makes more sense Thanks!!
Collapse
5: Re: Strict RFC 3986 url encoding (response to 1)
Posted by Dave Bauer on 10/04/11 01:18 AM
Hi,

Can you share your OAuth Code?

Collapse
6: Re: Strict RFC 3986 url encoding (response to 5)
Posted by Steffen Tiedemann Christensen on 10/04/11 07:19 AM
Hey Dave,

Are you looking for a client implementation of OAuth 1.0a or for something broader?

(Actually Guan's project ended up in both a server and client side library, so there's something to share at least -- we've just never cleaned it up sufficiently to do so. This would serve as a good opportunity.)

Steffen

Collapse
7: Re: Strict RFC 3986 url encoding (response to 6)
Posted by Dave Bauer on 02/29/12 06:02 PM
Hi,

Any updates on this? Did you ever implement OAuth 2?

Has anyone else implemented OAuth 2 as now required by most services?

Collapse
8: Re: Strict RFC 3986 url encoding (response to 7)
Posted by Guan Yang on 02/29/12 06:04 PM
I haven't seen anything, but OAuth 2 should be much easier because there's no special signature generation required. You just open an HTTPS connection and pass the token.
Collapse
9: Re: Strict RFC 3986 url encoding (response to 1)
Posted by Gustaf Neumann on 04/14/21 02:15 PM
Just a side note to this old thread: NaviServer supports since many years different variants of url-encodings (percent-encodings), such as the classical ones (RFC 3986) or the variants for Cookies (RFC 6265) or the encoding required for oauth1 (RFC 5849). The variant of encoding can be specified via the "-part" option (kept for backwards compatibility).