About spsec

spsec · 10-12-2021

A client encountered an interesting error scenario. They recently got a 401 from an ouath validation failure, but the message was: oauthV2.Oauth-ValidateToken.fault.causeUrlDecoding of the form parameters from the request message failed. The form par...

spsec · 10-01-2021

We have a situation where a proxy will need to support both key or oauth for authentication. Not a great situation, we realize. For the external vendor utilizing key auth, they will have a restricted set of resources available to them. We still will ...

spsec · 10-28-2021

Still curious as to why the oauth policy was having an issue with the invalid/unencoded characters. Perhaps because of support for oauth tokens as form parameters?

spsec · 10-15-2021

Sorry, I left out an important bit of information. The requests that were failing did have illegal/un-encoded characters for "application/x-www-form-urlencoded" but were legitimate for application/json. I believe the offender was '%'. So, they create...

spsec · 10-12-2021

Here it is (scope removed). I'll admit that there's some elements in here that are superfluous at the least. It would be curious if they were part of the cause, though. The policy has historically worked as expected. Oauth-ValidateToken false Ver...

My Stats

clarkshark's Bio

Badges spsec Earned

Recent Activity

OAuth validation error for incorrect Content-Type

Flow variable options for rate limiting when both oauth or key auth are used.

Re: OAuth validation error for incorrect Content-Type

Re: OAuth validation error for incorrect Content-Type

Re: OAuth validation error for incorrect Content-Type