tags:

views:

424

answers:

2
+1  Q: 

[Rails] OAuth with Digg API

I'm attempting to get Rails to play nice with the Digg API's OAuth. I'm using the oauth gem (ruby one, not the rails one).

My code looks approximately like this:

@consumer = OAuth::Consumer.new(API_KEY, API_SECRET,
  :scheme => :header,
  :http_method => :post,
  :oauth_callback => "http://locahost:3000",
  :request_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getRequestToken',
  :access_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getAccessToken',
  :authorize_url => 'http://digg.com/oauth/authorize')
  @request_token = DiggController.consumer.get_request_token({
      :oauth_callback => "http://xx.xxx.xxx.x:3000/digg/callback"
    }, {
      'Content-Type' => 'application/x-www-form-urlencoded'
    })
session[:request_token] = @request_token.token
session[:request_token_secret] = @request_token.secret
redirect_to @request_token.authorize_url

Which is by-the-book in terms of what the gem documentation gave me. However, Digg spits a "400 Bad Request" error back at me when @consumer.get_request_token is called. I can't figure out what I'm doing wrong. Any ideas?

Edit: Code updated and Wireshark output added. My error is now "401 Authorization Required".

Output from Wireshark:

POST /1.0/endpoint?method=oauth.getRequestToken HTTP/1.1
Accept: */*
Connection: close
User-Agent: OAuth gem v0.3.6
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_nonce="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  oauth_callback="http%3A%2F%2Fxx.xxx.xxx.x%3A3000%2Fdigg%2Fcallback",
  oauth_signature_method="HMAC-SHA1",
  oauth_timestamp="1268687137",
  oauth_consumer_key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  oauth_signature="xxx%2Bxxxxxxxxxxxxxxx%2Fxxxxxxx%3D", oauth_version="1.0"
Content-Length: 48
Host: services.digg.com

Content-Type=application%2fx-www-form-urlencoded



HTTP/1.1 401 Authorization Required
Date: Mon, 15 Mar 2010 21:05:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-control: private
X-RateLimit-Current: 1
X-RateLimit-Max: 1000
X-RateLimit-Reset: 3600
X-Digg-Api-Version: 1.0
Accept-Ranges: bytes
Content-Length: 111
Keep-Alive: timeout=5, max=9998
Connection: Keep-Alive
Content-Type: text/xml;charset=utf-8

<?xml version="1.0" encoding="UTF-8"?>
<error code="5001" message="Invalid
signature" timestamp="1268687137"/>
A: 

Incidentally, the callback parameter should not be localhost:3000 but rather your public IP address (making sure to also open up port 3000 for external connections in your computer and/or router firewall(s)), or be left to the default (out-of-band.)

Examine the contents of the OAuth::Unauthorized exception which gets thrown (or use a sniffer such as tcpdump or Wireshark) to get additional details about the HTTP 400 error (they are probably having issues with some of your parameters.)

vladr  2010-03-11 05:15:30
Thanks for the tip, but I never even get to the Digg authorization page. The only param that seems to matter at the moment is request_token_url.
Karl  2010-03-11 05:30:03
Use tcpdump or Wireshark to see what digg answers back to you in the body of the HTTP 400. Incidentally, is http://community.freshbooks.com/forums/viewtopic.php?pid=26769 of any help?
vladr  2010-03-11 06:05:53
I use localhost:3000 like callback in Oauth connection to Twitter and MyspaceID. So can't block
shingara  2010-03-11 09:14:05
Just because "you use it" doesn't mean it's correct. RTFM @shingara, http://oauth.net/core/1.0a/ And who said anything about "blocking"?
vladr  2010-03-11 15:38:52
Using Wireshark I discovered it was a problem with the content-type, which I believe I have fixed but am now getting an "Error 401 Authorization Required", telling me I have an "Invalid Signature".
Karl  2010-03-11 21:57:30
In Wireshark, can you right-click on any of the packets going to or coming from Digg, then pick "Follow TCP stream", then copy/paste here the full HTTP conversation (including headers etc.), masking out your key or part of your key with "xxxx" (but maintaining the same lengths as the originals if possible?)
vladr  2010-03-12 04:41:19
I've edited my original post with the TCP stream, is that what you were looking for? Thanks for all the help!
Karl  2010-03-15 21:14:50
You may also need to set the oauth realm. Also, your post body only contains the url-encoded Content Type, when it should probably contain something else (although not sure if Digg even looks at that i.e. at the POST form parameters before throwing you out or if it only looks at the OAuth header.)
vladr  2010-03-16 23:11:24
A: 

Was there any resolution on this? I am having the exact same problem as the original poster.

 2010-03-16 19:50:54

related questions

Best place to get Ruby on Vista up and running as dev environment
How can I encode xml files to xfdl (base64-gzip)?
What is the best way to learn Ruby?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a Class using the Singleton Design Pattern in Ruby?
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
Why Should I Learn Ruby?
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
How do I rake tasks within a ruby script?
Ruby On Rails with Windows Vista - Best Setup?
Mapping values from two array in Ruby
Reverse DNS in Ruby?
Text Editor For Linux (Besides Vi)?
What is good forum software to add to an existing Rails application?
Calling Bash Commands From Ruby
How can I modify .xfdl files? (Update #1)
How do I use (n)curses in Ruby?
Open Source Ruby Projects
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
When to use lambda, when to use Proc.new?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.
.NET Migrations Engine
How do I add existing comments to RDoc in Ruby?