Authenticating to a Oauth 2-legged system

3
votes

I'm trying to authenticate to a webservice using 2legged oauth. I have the next one working java example creating the authenticated URL using the signpost library:

 String consumerKey = "KEY";
 String consumerSecret = "SECRET";
 DefaultOAuthConsumer consumer = new DefaultOAuthConsumer(consumerKey, consumerSecret);
 consumer.setTokenWithSecret(consumerKey, consumerSecret);
 return consumer.sign(targetUrl);

And this generates an URL like this

http://example.com/my/method?oauth_consumer_key=KEY&oauth_nonce=4779611081457530684&oauth_signature=v19lL74VVMTibCMja5vnwIE2q5g%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1368778106&oauth_token=KEY&oauth_version=1.0

And I'm trying to recreate it using ruby's oauth. My code looks now like this:

consumer = OAuth::Consumer.new(@creds[:key], @creds[:secret],
                               :site => "URL",
                               :scheme => :query_string)
token = OAuth::AccessToken.new(consumer)
token.get "METHOD"

And generates URLS like:

http://example.com/my/method?oauth_signature_method=HMAC-SHA1&oauth_nonce=7eQe4cAE27uBE9Bftfx7Pcjj1kqfuXHPWt5d3NZw0&oauth_version=1.0&oauth_consumer_key=KEY&oauth_timestamp=1368778250&oauth_signature=EbM0BjslzB5yXYWeC8EJGAEGi1k%3D

But I'm always getting an Unauthorized error, even if I manually set oauth_token to key (as signpost do). Looks like the nonce is invalid, but both of them are valid libraries to oauth

Can anyone help me?

Thanks in advance

1
javarubyoauth2-legged

1 Answers

3
votes

I'd been the same problem with 2-legged oauth, I fixed with:

consumer = OAuth::Consumer.new(key, secret, { :site => 'http://api.mysite.com' })
access_token = OAuth::AccessToken.from_hash(consumer, :oauth_token => key, :oauth_token_secret => secret)

Common issues comes from out of sync timestamps

Your requests must be synchronized with the server system clock, for instance in linkedin must be within 5 minutes of her system clock.

Hope it helps ;)