I'm attempting to get Rails to play nice with the Digg API's OAuth. I'm using the oauth gem (ruby one, not the rails one).

My code looks approximately like this:

@consumer = OAuth::Consumer.new(API_KEY, API_SECRET,
  :scheme => :header,
  :http_method => :post,
  :oauth_callback => "http://locahost:3000",
  :request_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getRequestToken',
  :access_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getAccessToken',
  :authorize_url => 'http://digg.com/oauth/authorize')
@request_token = DiggController.consumer.get_request_token({
    :oauth_callback => "http://xx.xxx.xxx.x:3000/digg/callback"
  }, {
    'Content-Type' => 'application/x-www-form-urlencoded'
  })
session[:request_token] = @request_token.token
session[:request_token_secret] = @request_token.secret
redirect_to @request_token.authorize_url

Which is by-the-book in terms of what the gem documentation gave me. However, Digg spits a "400 Bad Request" error back at me when @consumer.get_request_token is called. I can't figure out what I'm doing wrong. Any ideas?


Edit: Code updated and Wireshark output added. My error is now "401 Authorization Required".

Output from Wireshark:

POST /1.0/endpoint?method=oauth.getRequestToken HTTP/1.1
Accept: */*
Connection: close
User-Agent: OAuth gem v0.3.6
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_nonce="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  oauth_callback="http%3A%2F%2Fxx.xxx.xxx.x%3A3000%2Fdigg%2Fcallback",
  oauth_signature_method="HMAC-SHA1",
  oauth_timestamp="1268687137",
  oauth_consumer_key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  oauth_signature="xxx%2Bxxxxxxxxxxxxxxx%2Fxxxxxxx%3D", oauth_version="1.0"
Content-Length: 48
Host: services.digg.com

Content-Type=application%2fx-www-form-urlencoded



HTTP/1.1 401 Authorization Required
Date: Mon, 15 Mar 2010 21:05:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-control: private
X-RateLimit-Current: 1
X-RateLimit-Max: 1000
X-RateLimit-Reset: 3600
X-Digg-Api-Version: 1.0
Accept-Ranges: bytes
Content-Length: 111
Keep-Alive: timeout=5, max=9998
Connection: Keep-Alive
Content-Type: text/xml;charset=utf-8

<?xml version="1.0" encoding="UTF-8"?>
<error code="5001" message="Invalid signature" timestamp="1268687137"/>
A: 

Incidentally, the callback parameter should not be localhost:3000 but rather your public IP address (making sure to also open up port 3000 for external connections in your computer and/or router firewall(s)), or be left to the default (out-of-band.)

Examine the contents of the OAuth::Unauthorized exception which gets thrown (or use a sniffer such as tcpdump or Wireshark) to get additional details about the HTTP 400 error (they are probably having issues with some of your parameters.)

vladr
Thanks for the tip, but I never even get to the Digg authorization page. The only param that seems to matter at the moment is request_token_url.
Karl
Use tcpdump or Wireshark to see what digg answers back to you in the body of the HTTP 400. Incidentally, is http://community.freshbooks.com/forums/viewtopic.php?pid=26769 of any help?
vladr
I use localhost:3000 as the callback in OAuth connections to Twitter and MyspaceID. So it can't block
shingara
Just because "you use it" doesn't mean it's correct. RTFM @shingara, http://oauth.net/core/1.0a/ And who said anything about "blocking"?
vladr
Using Wireshark I discovered it was a problem with the content-type, which I believe I have fixed but am now getting an "Error 401 Authorization Required", telling me I have an "Invalid Signature".
Karl
In Wireshark, can you right-click on any of the packets going to or coming from Digg, then pick "Follow TCP stream", then copy/paste here the full HTTP conversation (including headers etc.), masking out your key or part of your key with "xxxx" (but maintaining the same lengths as the originals if possible?)
vladr
I've edited my original post with the TCP stream, is that what you were looking for? Thanks for all the help!
Karl
You may also need to set the oauth realm. Also, your post body only contains the url-encoded Content Type, when it should probably contain something else (although not sure if Digg even looks at that i.e. at the POST form parameters before throwing you out or if it only looks at the OAuth header.)
vladr
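
The last comment notes that the captured POST body holds only a url-encoded Content-Type field. Under OAuth Core 1.0a (section 9.1.1), form-encoded body parameters are part of the signature base string, so client and server must agree on the body for the HMAC-SHA1 signature to verify. The following is an added example, not code from the original post or from the oauth gem: the helper names are hypothetical, and the key, secret, nonce and callback address are constructed sample values.

```ruby
require 'openssl'

# Percent-encode per OAuth Core 1.0a section 5.1 (RFC 3986 unreserved set).
def oauth_escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Signature base string (section 9.1): query, OAuth header and form-encoded
# body parameters are merged, encoded, sorted and joined before signing.
def signature_base_string(http_method, base_url, query, oauth, body = {})
  header = oauth.reject { |k, _| %w[oauth_signature realm].include?(k.to_s) }
  normalized = [query, header, body].flat_map(&:to_a)
                                    .map { |k, v| [oauth_escape(k), oauth_escape(v)] }
                                    .sort
                                    .map { |pair| pair.join('=') }
                                    .join('&')
  [http_method.upcase, oauth_escape(base_url), oauth_escape(normalized)].join('&')
end

# HMAC-SHA1 (section 9.2); the token secret is empty for a request token.
def hmac_sha1_signature(base_string, consumer_secret, token_secret = '')
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  [OpenSSL::HMAC.digest('SHA1', key, base_string)].pack('m0')
end

# Constructed sample values (not the poster's real key, secret or nonce).
SAMPLE_SECRET = 'constructed-consumer-secret'
SAMPLE_OAUTH = {
  'oauth_consumer_key'     => 'constructed-consumer-key',
  'oauth_nonce'            => 'constructednonce0001',
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_timestamp'        => '1268687137',
  'oauth_version'          => '1.0',
  'oauth_callback'         => 'http://203.0.113.10:3000/digg/callback'
}.freeze

# Sign the request-token call twice: with an empty body, and with the stray
# form field seen in the capture. Returns both base strings and signatures.
def compare_signatures
  url   = 'http://services.digg.com/1.0/endpoint'
  query = { 'method' => 'oauth.getRequestToken' }
  stray = { 'Content-Type' => 'application/x-www-form-urlencoded' }
  [{}, stray].map do |body|
    base = signature_base_string('POST', url, query, SAMPLE_OAUTH, body)
    { base: base, signature: hmac_sha1_signature(base, SAMPLE_SECRET) }
  end
end

clean, with_stray = compare_signatures
puts clean[:signature], with_stray[:signature]
```

Comparing the two base strings against what the client library actually signed shows whether a body parameter, the `method` query parameter or the callback encoding is where the two sides diverge.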
A: 

Was there any resolution on this? I am having the exact same problem as the original poster.