views:

399

answers:

1

[Cross-posted from the OAuth Ruby Google Group. If you couldn't help me there, don't worry bout it]

I'm working on integrating a project with TripIt's OAuth API and am running into a weird issue.

I authenticate fine, I store and retrieve the token/secret for a given user with no problem, I can even make GET requests to a number of services using the gem. But when I try using the one service I need POST for, I'm getting a 401 "invalid signature" response.

Perhaps I'm not understanding how to pass in data to the AccessToken's post method, so here's a sample of my code:

xml = <<-XML
<Request>
  <Trip>
    <start_date>2008-12-09</start_date>
    <end_date>2008-12-27</end_date>
    <primary_location>New York, NY</primary_location>
  </Trip>
</Request>
XML`

response = access_token.post('/v1/create', {:xml => xml},
{'Content-Type' => 'application/x-www-form-urlencoded'})

I've tried this with and without escaping the xml string before hand. The guys at TripIt seemed to think that perhaps the xml param wasn't getting included in the signature_base_string, but when I output that (from lib/signature/base.rb) I see:

POST&https%3A%2F%2Fapi.tripit.com%2Fv1%2Fcreate&oauth_consumer_key %3D%26oauth_nonce %3Djs73Y9caeuffpmPVc6lqxhlFN3Qpj7OhLcfBTYv8Ww%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1252011612%26oauth_token %3D%26oauth_version%3D1.0%26xml%3D%25253CRequest%25253E %25250A%252520%252520%25253CTrip%25253E%25250A %252520%252520%252520%252520%25253Cstart_date%25253E2008-12-09%25253C %252Fstart_date%25253E%25250A %252520%252520%252520%252520%25253Cend_date%25253E2008-12-27%25253C %252Fend_date%25253E%25250A %252520%252520%252520%252520%25253Cprimary_location%25253ENew %252520York%252C%252520NY%25253C%252Fprimary_location%25253E%25250A %252520%252520%25253C%252FTrip%25253E%25250A%25253C%252FRequest%25253E %25250A

This seems to be correct to me.

I output signature (from the same file) and the output doesn't match the oauth_signature param of the Auth header in lib/client/ net_http.rb. It's been URL-encoded in the auth header. Is this correct?

Anyone know if the gem is broken/if there's a fix somewhere? I'm finding it hard to trace through some of the code.

A: 

Your oauth_token is empty. Not familiar with the protocol, is that ok?

Once you include the correct token, please also remember to use token_secret in the signing.

ZZ Coder