-
-
Save cheenu/1469815 to your computer and use it in GitHub Desktop.
## This gist is intended to provide a code example for the | |
# 'Making Signed Requests' section of the 'Authentication Overview' document. | |
# (http://developer.netflix.com/docs/Security). | |
# | |
# We are going to make a catalog request. The hardest part of | |
# it is figuring out how to generate the oauth_signature. | |
require 'cgi' | |
require 'base64' | |
require 'openssl' | |
id = '70144647' | |
oauth_consumer_key = 'b7a3f4wzookrt349b5e7qs4v' # Dummy consumer key, change to yours | |
oauth_nonce = Random.rand(100000).to_s | |
oauth_signature_method = 'HMAC-SHA1' | |
oauth_timestamp = Time.now.to_i.to_s | |
oauth_version = '1.0' | |
url = 'http://api.netflix.com/catalog/titles/movies/' + id | |
parameters = 'oauth_consumer_key=' + | |
oauth_consumer_key + | |
'&oauth_nonce=' + | |
oauth_nonce + | |
'&oauth_signature_method=' + | |
oauth_signature_method + | |
'&oauth_timestamp=' + | |
oauth_timestamp + | |
'&oauth_version=' + | |
oauth_version | |
base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters) | |
## Cryptographic hash function used to generate oauth_signature | |
# by passing the secret key and base string. Note that & has | |
# been appended to the secret key. Don't forget this! | |
# | |
# This line of code is from a SO topic | |
# (http://stackoverflow.com/questions/4084979/ruby-way-to-generate-a-hmac-sha1-signature-for-oauth) | |
# with minor modifications. | |
secret_key = 'z6Y7YtopU4&' # Dummy shared secret, change to yours | |
oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1',secret_key, base_string)}").chomp) | |
testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature | |
p testable_url |
Thanks @cheeu, I've been wrestling to make oauth signature for many hours. Eventually, i found your code and it helped me a lot! It works great!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Totally missed that comment on adding a "&" to secret, why oh why do these standards do these things to us...anyway, thanks works great now!