-
-
Save cheenu/1469815 to your computer and use it in GitHub Desktop.
| ## This gist is intended to provide a code example for the | |
| # 'Making Signed Requests' section of the 'Authentication Overview' document. | |
| # (http://developer.netflix.com/docs/Security). | |
| # | |
| # We are going to make a catalog request. The hardest part of | |
| # it is figuring out how to generate the oauth_signature. | |
| require 'cgi' | |
| require 'base64' | |
| require 'openssl' | |
| id = '70144647' | |
| oauth_consumer_key = 'b7a3f4wzookrt349b5e7qs4v' # Dummy consumer key, change to yours | |
| oauth_nonce = Random.rand(100000).to_s | |
| oauth_signature_method = 'HMAC-SHA1' | |
| oauth_timestamp = Time.now.to_i.to_s | |
| oauth_version = '1.0' | |
| url = 'http://api.netflix.com/catalog/titles/movies/' + id | |
| parameters = 'oauth_consumer_key=' + | |
| oauth_consumer_key + | |
| '&oauth_nonce=' + | |
| oauth_nonce + | |
| '&oauth_signature_method=' + | |
| oauth_signature_method + | |
| '&oauth_timestamp=' + | |
| oauth_timestamp + | |
| '&oauth_version=' + | |
| oauth_version | |
| base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters) | |
| ## Cryptographic hash function used to generate oauth_signature | |
| # by passing the secret key and base string. Note that & has | |
| # been appended to the secret key. Don't forget this! | |
| # | |
| # This line of code is from a SO topic | |
| # (http://stackoverflow.com/questions/4084979/ruby-way-to-generate-a-hmac-sha1-signature-for-oauth) | |
| # with minor modifications. | |
| secret_key = 'z6Y7YtopU4&' # Dummy shared secret, change to yours | |
| oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1',secret_key, base_string)}").chomp) | |
| testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature | |
| p testable_url |
Yes, Sir, you truly are amazing. :) Thanks.
So I was looking this up because I was figuring out how to do OAuth signatures for another API and glad to see this has helped you guys :).
Thank you, sir! I was able to use this to access the Ning API...very obscure with poor documentation.
I'm using this utility helper class and am generating the exact same base string as this online utility
https://developer-programs.linkedin.com/oauth-test-console
However we generate different oauth signatures....any ideas? Is OpenSSL::HMAC.digent the standard to use in ruby world?
Totally missed that comment on adding a "&" to secret, why oh why do these standards do these things to us...anyway, thanks works great now!
Thanks @cheeu, I've been wrestling to make oauth signature for many hours. Eventually, i found your code and it helped me a lot! It works great!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
You, sir, are an amazing dude! I've been banging my head against this api for a few hours. A true lifesaver. Thanks for being awesome!