Skip to content

Instantly share code, notes, and snippets.

@cheenu
Last active November 2, 2022 06:22
Show Gist options
  • Save cheenu/1469815 to your computer and use it in GitHub Desktop.
Save cheenu/1469815 to your computer and use it in GitHub Desktop.
How to generate an OAuth signature for the Netflix API using Ruby
## This gist is intended to provide a code example for the
# 'Making Signed Requests' section of the 'Authentication Overview' document.
# (http://developer.netflix.com/docs/Security).
#
# We are going to make a catalog request. The hardest part of
# it is figuring out how to generate the oauth_signature.
require 'cgi'
require 'base64'
require 'openssl'
id = '70144647'
oauth_consumer_key = 'b7a3f4wzookrt349b5e7qs4v' # Dummy consumer key, change to yours
oauth_nonce = Random.rand(100000).to_s
oauth_signature_method = 'HMAC-SHA1'
oauth_timestamp = Time.now.to_i.to_s
oauth_version = '1.0'
url = 'http://api.netflix.com/catalog/titles/movies/' + id
parameters = 'oauth_consumer_key=' +
oauth_consumer_key +
'&oauth_nonce=' +
oauth_nonce +
'&oauth_signature_method=' +
oauth_signature_method +
'&oauth_timestamp=' +
oauth_timestamp +
'&oauth_version=' +
oauth_version
base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters)
## Cryptographic hash function used to generate oauth_signature
# by passing the secret key and base string. Note that & has
# been appended to the secret key. Don't forget this!
#
# This line of code is from a SO topic
# (http://stackoverflow.com/questions/4084979/ruby-way-to-generate-a-hmac-sha1-signature-for-oauth)
# with minor modifications.
secret_key = 'z6Y7YtopU4&' # Dummy shared secret, change to yours
oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1',secret_key, base_string)}").chomp)
testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature
p testable_url
@carlos-bernal-gby
Copy link

Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?

@carlos-bernal-gby
Copy link

Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?

@carlos-bernal-gby
Copy link

Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?

@carlos-bernal-gby
Copy link

Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?

@carlos-bernal-gby
Copy link

Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment