views:

226

answers:

1

Hi,

I'm working with django-piston to attempt to create an API that supports oAuth.

I started out using the tutorial at:

http://blog.carduner.net/2010/01/26/django-piston-and-oauth/

I added a consumer to piston's admin interface with key and secret both set to "abcd" for test purposes.

The urls are successfully wired-up and the oAuth provider is called.

However, running my get request token tests with tripit (python get_request_token.py "http://127.0.0.1:8000/api" abcd abcd), I receive the following error:

Invalid signature. Expected signature base string: GET&http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dabcd%26oauth_nonce%3D0c0bdded5b1afb8eddf94f7ccc672658%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275135410%26oauth_version%3D1.0

The problem seems to lie inside the _check_signature method of Piston's oauth.py, where

valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature)

is returning false. I can't, however, work out how to get the signature validated.

Any ideas?

-----Update-----

If I remove the test consumer from piston's backend, the response returned is correctly set to "Invalid consumer", so this lookup appears to be working.

A: 

The eventual answer I found was to install a working copy of oauth_consumer into the application directory. Once I had added my consumer inside this application, everything worked as expected.

Martin Eve
...further to this, another problem was a discrepancy between a required "/" at the end of the URL; the extra %2F in the request invalidates the signature.
Martin Eve