Oauth Questions

Hello,

I have tried and finally succeeded in posting a token using oauth (pnfw/register) but it wasn’t easy and I have a few questions.

First I would like to say I am not an expert in web development and there are just a few points I need some help to understand, I hope you will have the time to enlighten those!

So. I’ve had a hard time making this work so I finally had to go into the code of the plugin to understand why. Actually there are 2 instructions I don’t understand and which were the source of my issues:

In includes/api/class-pnfw-api.php the function check_oauth_signature():

at a point you sort the request parameters:

if (!uksort($params, 'strcmp')) {
   $this->json_error('401', __('Failed to sort parameters', 'push-notifications-for-wp'));
  }

If I understood well, the params are then sorted alphabetically so if I send the request with my params not sorted it won’t work? Because HMAC-SHA1 won’t give the same result for ‘string1string2’ and ‘string2string1’.

The 2nd point:

$api_consumer_secret = get_option('pnfw_api_consumer_secret');

  $key_parts = array($api_consumer_secret, '');
  $key = implode('&', $key_parts);

you get the consumer_secret from wordpress, then you convert it to an array and get it back to a string and append the ‘&’ char at the end. So when I hash my signature base string with the consumer_secret, if I don’t append that ‘&’ the request doesn’t work, is this supposed to be this way? why?

Thank you for your time !
Best Regards !

Clementbu