Origin: https://github.com/amir/bti/commit/0274a9f8e0032e66a112614e9da7d6e8776a321a
Bug-Debian: http://bugs.debian.org/602507
Forwarded: yes
Reviewed-by: gregor herrmann <gregoa@debian.org>
Last-Update: 2010-11-23

From: Amir Mohammad Saied <amirsaied@gmail.com>
Date: Sun, 7 Nov 2010 13:16:16 +0330
Subject: [PATCH] Fixing Identi.ca's OAuth request_token URI

Revision "a" of OAuth 1.0 mandates the presence of "oauth_callback"
parameter.

Usually libraries appends an "oob" (Out of Band) oauth_callback if you
don't provide a valid callback url, and don't specify that you don't
want "OAuth 1.0a".

But apparently our library of choice for OAuth (liboauth) does not do
this, though the code is in library but commented out.

src/oauth.c:675-680 (as in HEAD, and 0.9.0 tarball):

675 #if 0 // oauth_version 1.0 Rev A
676   if (!oauth_param_exists(argv,argc,"oauth_callback")) {
677     snprintf(oarg, 1024, "oauth_callback=oob");
678     oauth_add_param_to_array(argcp, argvp, oarg);
679   }
680 #endif

So for now, we have to add this to our request_token URI.

--- a/bti.c
+++ b/bti.c
@@ -307,7 +307,7 @@
 static const char twitter_request_token_uri[]  = "http://twitter.com/oauth/request_token";
 static const char twitter_access_token_uri[]   = "http://twitter.com/oauth/access_token";
 static const char twitter_authorize_uri[]      = "http://twitter.com/oauth/authorize?oauth_token=";
-static const char identica_request_token_uri[] = "http://identi.ca/api/oauth/request_token";
+static const char identica_request_token_uri[] = "http://identi.ca/api/oauth/request_token?oauth_callback=oob";
 static const char identica_access_token_uri[]  = "http://identi.ca/api/oauth/access_token";
 static const char identica_authorize_uri[]     = "http://identi.ca/api/oauth/authorize?oauth_token=";