tags:

views:

129

answers:

4
Q: 

Ruby on Rails OAuth application works on client but not on server (OAuth::Unauthorized (401 Unauthorized))

Hi,

I have a Ruby on Rails application that works great in my computer and in my server. I'm moving this application to another server that runs on another hosting service, and I got a problem related to the OAuth Ruby Gem.

Any request I do using OAuth gem, I get:

OAuth::Unauthorized (401 Unauthorized):
  oauth (0.4.3) lib/oauth/consumer.rb:217:in `token_request'
  oauth (0.4.3) lib/oauth/consumer.rb:139:in `get_request_token'
  ...

My code is:

def self.consumer
  # The readkey and readsecret below are the values you get during registration
  OAuth::Consumer.new("XXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "YYYYYYYYYYYYYYYYYYYYYYYYYYYY", {:site => "http://api.twitter.com"})
end

def create_authorize_url
  @request_token = UserController.consumer.get_request_token(:oauth_callback => "http://mysite.com/callback")
  session[:request_token] = @request_token.token
  session[:request_token_secret] = @request_token.secret

  redirect_to @request_token.authorize_url
end

The problem is that the same code works well on my computer and in another servers. This happens only in one server. There's anything related to the firewall or something that can block OAuth calls?

I searched this error a lot and I didn't get any answer, and that's why I am asking this here.

Thanks.

A: 

Please, post more informations about your environment. gem list and ruby version

 2010-10-06 02:19:59
A: 

Sorry. The gems installed on the server: 

root@server1:~# gem list

*** LOCAL GEMS ***

actionmailer (2.3.8)
actionpack (2.3.8)
activerecord (2.3.8)
activeresource (2.3.8)
activesupport (3.0.0, 2.3.8)
addressable (2.2.1)
builder (2.1.2)
facebook_oauth (0.2.0)
faraday (0.4.6)
ffi (0.6.3)
hpricot (0.8.2)
json (1.2.4)
mime-types (1.16)
multi_json (0.0.4)
oauth (0.4.3, 0.3.5)
oauth2 (0.0.13)
rack (1.1.0)
rails (2.3.8)
rake (0.8.7)
ruby-hmac (0.4.0)
ruby-mysql (2.9.3)
rubygems-update (1.3.7)
sqlite3-ruby (1.3.1)
tmail (1.2.7.1)
twitter_oauth (0.4.3)

Server's Ruby version: 

root@server1:~# ruby -v
ruby 1.8.7 (2010-01-10 patchlevel 249) [x86_64-linux]

Thanks for helping.

Pedro Franceschi  2010-10-06 02:35:29
A: 

Ok, here's the working server gems and Ruby version.

Gems:

root@phcf:/www/rails# gem list

*** LOCAL GEMS ***

aaronp-frex (1.0.1)
actionmailer (2.3.8, 2.3.5)
actionpack (2.3.8, 2.3.5)
activerecord (2.3.8, 2.3.5)
activeresource (2.3.8, 2.3.5)
activesupport (2.3.8, 2.3.5)
addressable (2.2.1)
chronic (0.2.3)
configuration (1.1.0)
daemons (1.0.10)
eventmachine (0.12.10)
facebook_oauth (0.2.0)
faraday (0.4.6)
fastthread (1.0.7)
gemcutter (0.5.0)
gruff (0.3.6)
heroku (1.10.8, 1.9.13)
highline (1.5.2)
hoe (2.5.0)
hpricot (0.8.2)
json (1.2.2)
json_pure (1.2.3)
launchy (0.3.7)
mime-types (1.16)
multi_json (0.0.4)
mysql (2.8.1)
net-sftp (2.0.4)
net-ssh (2.0.23)
nokogiri (1.4.1)
oauth (0.4.3)
oauth2 (0.0.13)
passenger (2.2.9)
pastiepacker (1.1.1)
rack (1.1.0, 1.0.1)
rails (2.3.8, 2.3.5)
rake (0.8.7)
rest-client (1.4.2)
rmagick (2.12.2)
rubyforge (2.0.4)
rubygems-update (1.3.5)
shared-mime-info (0.1)
steam-condenser (0.10.0, 0.9.0)
thin (1.2.5)
tmail (1.2.7.1)
twitter_oauth (0.4.3)
unicorn (0.96.1)
xmpp4r (0.5)
xmpp4r-simple (0.8.8)

Ruby version:

root@phcf:/www/rails# ruby -v
ruby 1.8.7 (2008-08-11 patchlevel 72) [x86_64-linux]
Pedro Franceschi  2010-10-06 16:28:15
A: 

Try rescuing the OAuth::Unauthorized exception and inspecting its wrapped response. Something like:

def create_authorize_url
  @request_token = UserController.consumer.get_request_token(:oauth_callback => "http://mysite.com/callback")
  session[:request_token] = @request_token.token
  session[:request_token_secret] = @request_token.secret

  redirect_to @request_token.authorize_url
rescue OAuth::Unauthorized => e
  logger.error e.response.inspect
end

The OAuth provider may add additional information in the 401 response they send you. A 401 on a request token request seems a little odd to me, but the oauth spec does talk about it some.

One suspicion I have is that the hosting service you are looking to use may be blocked by the provider due to bad behavior. In which case you need to talk to them about it.

But, we can't really know why without more information.

BaroqueBobcat  2010-10-06 16:57:50
The response from Twitter's API is "Failed to validate oauth signature and token". The problem seems to be in the generation of the HTTP Request. Any idea, people? Thanks.
Pedro Franceschi  2010-10-06 17:55:08
Have you looked at this post: http://blainegarrett.com/2009/07/14/failed-to-validate-oauth-signature-and-token-on-twitter-oauth-check-your-cloc/ *tl;dr* your signatures will be wrong if your clock is to far off from Twitter's.
BaroqueBobcat  2010-10-06 18:15:16

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.