OAuth signature verification requires that the method used to make

the request be considered when signing the request...we can't assume
we are always using POST - this will cause requests to fail.

diff --git a/framework/Oauth/lib/Horde/Oauth/Request.php b/framework/Oauth/lib/Horde/Oauth/Request.php
index 10e6c96..25a03e0 100644 (file)
--- a/framework/Oauth/lib/Horde/Oauth/Request.php
+++ b/framework/Oauth/lib/Horde/Oauth/Request.php
@@ -22,8 +22,9 @@ class Horde_Oauth_Request
 
     protected $_params = array();
     protected $_url;
+    protected $_method;
 
-    function __construct($url, $params = array())
+    function __construct($url, $params = array(), $method = 'POST')
     {
         if (!isset($params['oauth_version'])) {
             $params['oauth_version'] = self::VERSION;
@@ -37,6 +38,7 @@ class Horde_Oauth_Request
 
         $this->_params = $params;
         $this->_url = $url;
+        $this->_method = $method;
     }
 
     /**
@@ -72,7 +74,7 @@ class Horde_Oauth_Request
     public function getSignatureBaseString()
     {
         $parts = array(
-            'POST',
+            $this->_method,
             $this->_url,
             $this->_getSignableParameters()
         );