Last active
November 2, 2022 06:22
-
-
Save cheenu/1469815 to your computer and use it in GitHub Desktop.
How to generate an OAuth signature for the Netflix API using Ruby
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## This gist is intended to provide a code example for the | |
| # 'Making Signed Requests' section of the 'Authentication Overview' document. | |
| # (http://developer.netflix.com/docs/Security). | |
| # | |
| # We are going to make a catalog request. The hardest part of | |
| # it is figuring out how to generate the oauth_signature. | |
| require 'cgi' | |
| require 'base64' | |
| require 'openssl' | |
| id = '70144647' | |
| oauth_consumer_key = 'b7a3f4wzookrt349b5e7qs4v' # Dummy consumer key, change to yours | |
| oauth_nonce = Random.rand(100000).to_s | |
| oauth_signature_method = 'HMAC-SHA1' | |
| oauth_timestamp = Time.now.to_i.to_s | |
| oauth_version = '1.0' | |
| url = 'http://api.netflix.com/catalog/titles/movies/' + id | |
| parameters = 'oauth_consumer_key=' + | |
| oauth_consumer_key + | |
| '&oauth_nonce=' + | |
| oauth_nonce + | |
| '&oauth_signature_method=' + | |
| oauth_signature_method + | |
| '&oauth_timestamp=' + | |
| oauth_timestamp + | |
| '&oauth_version=' + | |
| oauth_version | |
| base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters) | |
| ## Cryptographic hash function used to generate oauth_signature | |
| # by passing the secret key and base string. Note that & has | |
| # been appended to the secret key. Don't forget this! | |
| # | |
| # This line of code is from a SO topic | |
| # (http://stackoverflow.com/questions/4084979/ruby-way-to-generate-a-hmac-sha1-signature-for-oauth) | |
| # with minor modifications. | |
| secret_key = 'z6Y7YtopU4&' # Dummy shared secret, change to yours | |
| oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1',secret_key, base_string)}").chomp) | |
| testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature | |
| p testable_url |
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you for this, but I think you have a problem. The nonce is supposed to be unique for every request, how can you make sure than that is the case if you are using an random number generator?