JakeWharton/Oauth1SigningInterceptor.java

NPE when request's body is null (HTTP GET).

 RequestBody requestBody = request.body();
 Buffer body = new Buffer();
 requestBody.writeTo(body);

I've got wrong signature when the request URL has the same query parameter multiple time. Oauth1SigningInterceptor puts query parameters in a map that cannot contain duplicate keys.

Example URL:
{base_url}/repositories/{user}/{repo}/issues?status=new&status=open

Retrofit:

@GET("/repositories/{user}/{repo}/issues")
Call<IssueFilterResult> issues(
        @Path("user") String user,
        @Path("slug") String repo,
        @Query("status") Iterable status);

Note: status is an iterable.

If somebody is interested here is a fork of this gist targeting Java 7 (no Guava required).

@JakeWharton, thank you for this code, I just removed a monolith dependency from our code base that was used only for this.

Here is a fork that uses Percent Encoding method for URL. (https://tools.ietf.org/html/rfc5849#page-29)

1. Without Percent Encoding (https://gist.github.com/JakeWharton/f26f19732f0c5907e1ab)

URL Encoded:

POST https://example.com/search?keyword=cosm+mi&start=1&limit=10

base string with space encoded as '+':

POST&https%3A%2F%2Fexample.com%2Fsearch&keyword%3Dcosm%2Bmi%26limit%3D10%26oauth_consumer_key%3Ddebf8ca8-416f-4f2d-bf7d-ea045083a643%26oauth_nonce%3DYNxfWmf0IxCwTIY8n9wXbUvGcnJlScUqhrZ53hr1w3Y%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1494508387%26oauth_token%3D8700b3a7-b68a-4225-88ec-6c9117f7828c%26oauth_version%3D1.0%26start%3D1

2. Using Percent Encoding (https://gist.github.com/CosminMihuMDC/03b5396367f8dbe6b52cf89d6b88bcce)

URL Encoded:

POST https://example.com/search?keyword=cosm%20mi&start=1&limit=100

base string with space encoded as '%20':

POST&https%3A%2F%2Fexample.com%2Fsearch&keyword%3Dcosm%2520mi%26limit%3D10%26oauth_consumer_key%3Ddebf8ca8-416f-4f2d-bf7d-ea045083a643%26oauth_nonce%3DYNxfWmf0IxCwTIY8n9wXbUvGcnJlScUqhrZ53hr1w3Y%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1494508387%26oauth_token%3D8700b3a7-b68a-4225-88ec-6c9117f7828c%26oauth_version%3D1.0%26start%3D1

Thanks @JakeWharton, @serj-lotutovici.

UrlEscapers.urlFormParameterEscaper causes crash when sending a post multipart image upload. I have added more detail on stackoverflow https://stackoverflow.com/questions/47253666/java-lang-illegalargumentexception-unexpected-low-surrogate-character-with . Any idea how to fix this ?

I am a very beginner developer. One thing I don't get yet that I have only cosumer_key and consumer_secret but the builder also requires accessToken and accessSecret. Then how can I use this interceptor? It will be very helpful if you can show me an example.

I can't show you an example but the accessToken and accessSecret are user specific credentials that you will also need. So, typically your consumer key and consumer secret are your credentials for accessing an API and the accessToken and accessSecret are the user specific credentials which you have obtained for a user using the OAuth system.

For that stuff, take a look at the following links:
https://developers.google.com/api-client-library/java/google-oauth-java-client/reference/1.20.0/com/google/api/client/auth/oauth/package-summary

https://stackoverflow.com/questions/15194182/examples-for-oauth1-using-google-api-java-oauth/17137361#17137361

https://github.com/codepath/android_guides/wiki/Consuming-APIs-with-Retrofit

If anyone is interested here is a fork using Kotlin that doesn't require an accessToken or accessSecret, and doesn't require Guava.

Hey, Thanks for the job ! I only have one problem, when my query parameter contains a space, it seems that it is not signing correctly the request (i'm consuming Twitter API and it gaves me an authentication error only on this case). Do you have any idea about how to fix that ?