Comment 4 for bug 1054803

This is a bit depressing. It looks like a class of problem I identified and fixed in https://bugzilla.mozilla.org/show_bug.cgi?id=764312. The fix was merged to the trunk branch, and I verified that it was also in the comm-beta branch while things were still in beta, but it doesn't appear to have made it into the release from what I can tell.

The initial cut of the back end was using OAuth HMAC-SHA1 signatures for authentication, since that is what Thunderbird's existing OAuth library supported. This caused problems due to characters in the URL being escaped or unescaped at some level of our stack (probably Apache or Django) prior to signature verification as described in bug 1013126.