diff options
| author | Kian-Meng Ang <kianmeng@cpan.org> | 2022-07-05 23:02:37 +0800 |
|---|---|---|
| committer | Asif Saif Uddin <auvipy@gmail.com> | 2022-07-06 00:29:54 +0600 |
| commit | 0adbbe10ed8ef822d1c780987fffc56670ce3f9f (patch) | |
| tree | 33ace8a936e784a1184041b500a4ca1692d166ab /docs/oauth1 | |
| parent | 6569ec3c062be7268f4a17f5a371aa29f1bcfa4a (diff) | |
| download | oauthlib-0adbbe10ed8ef822d1c780987fffc56670ce3f9f.tar.gz | |
docs: fix typos
Diffstat (limited to 'docs/oauth1')
| -rw-r--r-- | docs/oauth1/security.rst | 2 | ||||
| -rw-r--r-- | docs/oauth1/server.rst | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/docs/oauth1/security.rst b/docs/oauth1/security.rst index 0fd5c4c..d8b7d6b 100644 --- a/docs/oauth1/security.rst +++ b/docs/oauth1/security.rst @@ -5,7 +5,7 @@ A few important facts regarding OAuth security SSL for all interactions both with your API as well as for setting up tokens. An example of when it's especially bad is when sending POST requests with form data, this data is not accounted for in the OAuth - signature and a successfull man-in-the-middle attacker could swap your + signature and a successful man-in-the-middle attacker could swap your form data (or files) to whatever he pleases without invalidating the signature. This is an even bigger issue if you fail to check nonce/timestamp pairs for each request, allowing an attacker who diff --git a/docs/oauth1/server.rst b/docs/oauth1/server.rst index 2f30c65..2c01ab7 100644 --- a/docs/oauth1/server.rst +++ b/docs/oauth1/server.rst @@ -59,7 +59,7 @@ The client interested in accessing protected resources. **Client secret**: Required for HMAC-SHA1 and PLAINTEXT. The secret the client will use when - verifying requests during the OAuth workflow. Has to be accesible as + verifying requests during the OAuth workflow. Has to be accessible as plaintext (i.e. not hashed) since it is used to recreate and validate request signatured:: @@ -175,7 +175,7 @@ you should consider expiring them as it increases security dramatically. The user and realms will need to be transferred from the request token to the access token. It is possible that the list of authorized realms is smaller than the list of requested realms. Clients can observe whether this is the case -by comparing the `oauth_realms` parameter given in the token reponse. This way +by comparing the `oauth_realms` parameter given in the token response. This way of indicating change of realms is backported from OAuth2 scope behaviour and is not in the OAuth 1 spec. |