-
-
Save cheenu/1469815 to your computer and use it in GitHub Desktop.
| ## This gist is intended to provide a code example for the | |
| # 'Making Signed Requests' section of the 'Authentication Overview' document. | |
| # (http://developer.netflix.com/docs/Security). | |
| # | |
| # We are going to make a catalog request. The hardest part of | |
| # it is figuring out how to generate the oauth_signature. | |
| require 'cgi' | |
| require 'base64' | |
| require 'openssl' | |
| id = '70144647' | |
| oauth_consumer_key = 'b7a3f4wzookrt349b5e7qs4v' # Dummy consumer key, change to yours | |
| oauth_nonce = Random.rand(100000).to_s | |
| oauth_signature_method = 'HMAC-SHA1' | |
| oauth_timestamp = Time.now.to_i.to_s | |
| oauth_version = '1.0' | |
| url = 'http://api.netflix.com/catalog/titles/movies/' + id | |
| parameters = 'oauth_consumer_key=' + | |
| oauth_consumer_key + | |
| '&oauth_nonce=' + | |
| oauth_nonce + | |
| '&oauth_signature_method=' + | |
| oauth_signature_method + | |
| '&oauth_timestamp=' + | |
| oauth_timestamp + | |
| '&oauth_version=' + | |
| oauth_version | |
| base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters) | |
| ## Cryptographic hash function used to generate oauth_signature | |
| # by passing the secret key and base string. Note that & has | |
| # been appended to the secret key. Don't forget this! | |
| # | |
| # This line of code is from a SO topic | |
| # (http://stackoverflow.com/questions/4084979/ruby-way-to-generate-a-hmac-sha1-signature-for-oauth) | |
| # with minor modifications. | |
| secret_key = 'z6Y7YtopU4&' # Dummy shared secret, change to yours | |
| oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1',secret_key, base_string)}").chomp) | |
| testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature | |
| p testable_url |
Totally missed that comment on adding a "&" to secret, why oh why do these standards do these things to us...anyway, thanks works great now!
Thanks @cheeu, I've been wrestling to make oauth signature for many hours. Eventually, i found your code and it helped me a lot! It works great!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
I'm using this utility helper class and am generating the exact same base string as this online utility
https://developer-programs.linkedin.com/oauth-test-console
However we generate different oauth signatures....any ideas? Is OpenSSL::HMAC.digent the standard to use in ruby world?