How do I validate OAuth requests? | ansaurus

tags:

oauth

views:

69

answers:

1

Q:

How do I validate OAuth requests?

I'm trying to use OAuth with Twitter, and I have my head wrapped around the pieces that need to be put in place to get a request token. But, it's not working. And the error message that I'm getting back isn't terribly helpful.

Luckily I found a tester but again, the error message there isn't terribly helpful. "Invalid signature." Ok, great. But since there are several steps involved (truth be told, all of which confuse the hell out of me) in generating the signature, I'm at a loss.

Is there another tool out there that might be more helpful? Maybe one where I can see what the data should be at each step (check that the request concatenation is right, check that the initial signing is right - i'm using HMAC-SHA1, check that the base 64 is right, etc).

+2 A:

Yes. Run, do not walk, to Hueniverse - one of the neatest pieces of Javascript you'll see!

Jeremy McGee 2009-07-17 05:17:40

didn't notice this there the first time I visited that site, which came off like a total tl;dr at first glance. Glad I ran there. :)

bpapa 2009-07-17 05:24:56

Yes, that site does take a while to get going. Worth it in the end though. Another good test site is (of all places) myspace.com.

Jeremy McGee 2009-07-17 05:26:46

related questions

XSRF protection in an AJAX style app

Can OAuth be used to schedule Twitter status updates in the future?

2 legged oauth - looking for information

How to get Uri.EscapeDataString to comply with RFC 3986

OAuth - lexicographical byte value ordering in c#

OpenID authentication from an installed application

What is excatly the technology stack defining Web APIs?

Problem with Google Hybrid Protocol (OpenID + OAuth) Demo

How to integrate google's Step2 with acegi security in the Grails Framework?

OAuth alternative?

OAuth? ,OpenID? Neither? Which one should my site support?

Twitter oAuth callbackUrl - localhost development

Example of a good Webservice

Sorting by key and value in case keys are equal

What does the oauth guide mean by "8 bit array"?

Using OAuth for server-to-server authentication?

Getting 401 on Twitter OAuth POST requests

How do I develop against OAuth locally?

Can OAuth work with mobile phone applications?

Security of REST authentication schemes

How do you manage api keys

How can I verify a Google authentication API access token?

How do you debug an ASP.Net application accessing an OAuth secured API?

oAuth REST and C# What's the missing piece

PHP Tutorial for OpenId and OAuth