Yet another Sunday without sun in Amsterdam… I spent the afternoon fixing an issue with empty URL paths for liboauth.
After scraping the documentation I choose to
insert a slash before the [first] '?' (or '&' or end of string) if and only if there is no '/' between the protocol's /:\/[\/]*/ and the delimiter.
It looks like a dirty hack, but checking the BNF this seems perfectly ok. All slashes in the /authority/-part of the URL (userinfo, host) should have been escaped. This was too easy and I had still some coffee left, so I went on to tackle RSA-SHA1 signatures and other open ToDo items..
Openssl gave me quite a headache, that got resolved over an Indian dinner with Florian; he's just back from CERN - angry against bloggers who misinform about the LHC - carrying the spirit of Johnatan R. Ellis: the web strikes back.
With a deep sigh, I've released liboauth 0.3.0 last night. It's the first version that implements the complete oAuth-1.0 spec.
I went over four version steps, adding missing functions and a oAuth consumer example. I was tempted to call this a v1.0 or at least v0.9 which may happen during the next weeks. I'm in contact with Marc Powell about integrating liboauth with curl; and the code will definitely come in handy for implementing apache's