Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
A utility for signing an url using OAuth in a way that's convenient for debugging
require 'oauth_util.rb'
require 'net/http'
o = OauthUtil.new
o.consumer_key = 'examplek9SGJUTUpocjZ5QjBJmQ9WVdrOVVFNHdSR2x1TkhFbWNHbzlNQS0tJnM9Y29uc3VtkZXJzZWNyZXQmeD0yYg--';
o.consumer_secret = 'exampled88d4109c63e778dsadcdd5c1875814977';
url = 'http://query.yahooapis.com/v1/yql?q=select%20*%20from%20social.updates.search%20where%20query%3D%22search%20terms%22&diagnostics=true';
parsed_url = URI.parse( url )
Net::HTTP.start( parsed_url.host ) { | http |
req = Net::HTTP::Get.new "#{ parsed_url.path }?#{ o.sign(parsed_url).query_string }"
response = http.request(req)
print response.read_body
}
# A utility for signing an url using OAuth in a way that's convenient for debugging
# Note: the standard Ruby OAuth lib is here http://github.com/mojodna/oauth
# License: http://gist.github.com/375593
# Usage: see example.rb below
require 'uri'
require 'cgi'
require 'openssl'
require 'base64'
class OauthUtil
attr_accessor :consumer_key, :consumer_secret, :token, :token_secret, :req_method,
:sig_method, :oauth_version, :callback_url, :params, :req_url, :base_str
def initialize
@consumer_key = ''
@consumer_secret = ''
@token = ''
@token_secret = ''
@req_method = 'GET'
@sig_method = 'HMAC-SHA1'
@oauth_version = '1.0'
@callback_url = ''
end
# openssl::random_bytes returns non-word chars, which need to be removed. using alt method to get length
# ref http://snippets.dzone.com/posts/show/491
def nonce
Array.new( 5 ) { rand(256) }.pack('C*').unpack('H*').first
end
def percent_encode( string )
# ref http://snippets.dzone.com/posts/show/1260
return URI.escape( string, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]") ).gsub('*', '%2A')
end
# @ref http://oauth.net/core/1.0/#rfc.section.9.2
def signature
key = percent_encode( @consumer_secret ) + '&' + percent_encode( @token_secret )
# ref: http://blog.nathanielbibler.com/post/63031273/openssl-hmac-vs-ruby-hmac-benchmarks
digest = OpenSSL::Digest::Digest.new( 'sha1' )
hmac = OpenSSL::HMAC.digest( digest, key, @base_str )
# ref http://groups.google.com/group/oauth-ruby/browse_thread/thread/9110ed8c8f3cae81
Base64.encode64( hmac ).chomp.gsub( /\n/, '' )
end
# sort (very important as it affects the signature), concat, and percent encode
# @ref http://oauth.net/core/1.0/#rfc.section.9.1.1
# @ref http://oauth.net/core/1.0/#9.2.1
# @ref http://oauth.net/core/1.0/#rfc.section.A.5.1
def query_string
pairs = []
@params.sort.each { | key, val |
pairs.push( "#{ percent_encode( key ) }=#{ percent_encode( val.to_s ) }" )
}
pairs.join '&'
end
# organize params & create signature
def sign( parsed_url )
@params = {
'oauth_consumer_key' => @consumer_key,
'oauth_nonce' => nonce,
'oauth_signature_method' => @sig_method,
'oauth_timestamp' => Time.now.to_i.to_s,
'oauth_version' => @oauth_version
}
# if url has query, merge key/values into params obj overwriting defaults
if parsed_url.query
@params.merge! CGI.parse( parsed_url.query )
end
# @ref http://oauth.net/core/1.0/#rfc.section.9.1.2
@req_url = parsed_url.scheme + '://' + parsed_url.host + parsed_url.path
# create base str. make it an object attr for ez debugging
# ref http://oauth.net/core/1.0/#anchor14
@base_str = [
@req_method,
percent_encode( req_url ),
# normalization is just x-www-form-urlencoded
percent_encode( query_string )
].join( '&' )
# add signature
@params[ 'oauth_signature' ] = signature
return self
end
end
@tylr

This comment has been minimized.

Show comment
Hide comment
@tylr

tylr Aug 25, 2010

I'm interested in using this because the OAuth gem is horrid, and this turned up in google. I get either an error stating "no oauth_token parameter found" or when I add the param "Invalid signature. Expected signature base string: GET&http%3A%2F%2Fapi"

Any tips or advice?

tylr commented Aug 25, 2010

I'm interested in using this because the OAuth gem is horrid, and this turned up in google. I get either an error stating "no oauth_token parameter found" or when I add the param "Invalid signature. Expected signature base string: GET&http%3A%2F%2Fapi"

Any tips or advice?

@ugifractal

This comment has been minimized.

Show comment
Hide comment
@ugifractal

ugifractal Sep 2, 2010

I got

  Please provide valid credentials


I got

  Please provide valid credentials


@mhookey

This comment has been minimized.

Show comment
Hide comment
@mhookey

mhookey May 16, 2012

Suggested fix to ensure single url params aren't pushed to arrays (otherwise seems to have challenges when using params such as count=x&format=json) ... I'm no guru so maybe I was using it incorrectly at first..

# if url has query, merge key/values into params obj overwriting defaults
if parsed_url.query
  CGI.parse( parsed_url.query ).each do |k,v|
    if v.is_a?(Array) && v.count == 1
      @params[k] = v.first
    else
      @params[k] = v
    end
  end
end

mhookey commented May 16, 2012

Suggested fix to ensure single url params aren't pushed to arrays (otherwise seems to have challenges when using params such as count=x&format=json) ... I'm no guru so maybe I was using it incorrectly at first..

# if url has query, merge key/values into params obj overwriting defaults
if parsed_url.query
  CGI.parse( parsed_url.query ).each do |k,v|
    if v.is_a?(Array) && v.count == 1
      @params[k] = v.first
    else
      @params[k] = v
    end
  end
end
@asfarley

This comment has been minimized.

Show comment
Hide comment
@asfarley

asfarley Feb 10, 2013

Has anyone tested this recently? I've just tried to use this code, having only substituted my own consumer key and secret and I get OST_OAUTH_SIGNATURE_INVALID_ERROR, "Please provide valid credentials".

Update:

  1. Apply change described by mhookey above to sign method of oauth_util.rb
  2. If you're coming from the YDN BOSS example.rb, change "urlurl = url + ..." (line 8) to "url = url + ..."

Has anyone tested this recently? I've just tried to use this code, having only substituted my own consumer key and secret and I get OST_OAUTH_SIGNATURE_INVALID_ERROR, "Please provide valid credentials".

Update:

  1. Apply change described by mhookey above to sign method of oauth_util.rb
  2. If you're coming from the YDN BOSS example.rb, change "urlurl = url + ..." (line 8) to "url = url + ..."
@masterkain

This comment has been minimized.

Show comment
Hide comment
@masterkain

masterkain May 4, 2013

@tylr yeah, no oauth_token is being sent at all

@tylr yeah, no oauth_token is being sent at all

@datnt

This comment has been minimized.

Show comment
Hide comment
@datnt

datnt Nov 14, 2013

@asfarley , and @tylr

I had applied the above code and success, please refer to my detailed document here:

https://docs.google.com/document/d/1SdGSfakQM3ZuiqJK7keXhOfh6310-z_h0THl1_Jswxk/pub

P/S: Note that, the oauth_util.rb does not support to get access token, it only support for sending request to yahoo API, after you had received the access_token, and access_token_secret

datnt commented Nov 14, 2013

@asfarley , and @tylr

I had applied the above code and success, please refer to my detailed document here:

https://docs.google.com/document/d/1SdGSfakQM3ZuiqJK7keXhOfh6310-z_h0THl1_Jswxk/pub

P/S: Note that, the oauth_util.rb does not support to get access token, it only support for sending request to yahoo API, after you had received the access_token, and access_token_secret

@Zeokat

This comment has been minimized.

Show comment
Hide comment
@Zeokat

Zeokat Mar 7, 2014

For Zeokat deal with OAuth is always painfull, thanks for the code.

Zeokat commented Mar 7, 2014

For Zeokat deal with OAuth is always painfull, thanks for the code.

@wvidana

This comment has been minimized.

Show comment
Hide comment
@wvidana

wvidana Apr 28, 2014

Dealing with oauth_token:

  • first send a request for tokens (your API provider should tell you how)
  • edit oauth_lib.rb, in the method sign (line 64) add 'oauth_token' => 'your token' to the hashtab, between oauth_timestamp and oauth_version (it should be ordered in alphabetical order)
  • In your main program initialize the o.token and o.token_secret variables with your values

wvidana commented Apr 28, 2014

Dealing with oauth_token:

  • first send a request for tokens (your API provider should tell you how)
  • edit oauth_lib.rb, in the method sign (line 64) add 'oauth_token' => 'your token' to the hashtab, between oauth_timestamp and oauth_version (it should be ordered in alphabetical order)
  • In your main program initialize the o.token and o.token_secret variables with your values
@kylechadha

This comment has been minimized.

Show comment
Hide comment
@kylechadha

kylechadha Apr 29, 2014

Has anyone gotten this to work with Twitter's API? I've made all the updates outlined in the comments and still get 215 bad authentication data errors.

Has anyone gotten this to work with Twitter's API? I've made all the updates outlined in the comments and still get 215 bad authentication data errors.

@danweller18

This comment has been minimized.

Show comment
Hide comment
@danweller18

danweller18 Apr 22, 2015

Line 44 in oauth_util.rb should be changed to

digest = OpenSSL::Digest.new( 'sha1' )

Because you will get a message saying "Digest::Digest is deprecated; Use Digest"

http://stackoverflow.com/questions/21184960/ruby-digestdigest-is-deprecated-use-digest

Line 44 in oauth_util.rb should be changed to

digest = OpenSSL::Digest.new( 'sha1' )

Because you will get a message saying "Digest::Digest is deprecated; Use Digest"

http://stackoverflow.com/questions/21184960/ruby-digestdigest-is-deprecated-use-digest

@samjewell

This comment has been minimized.

Show comment
Hide comment
@samjewell

samjewell May 15, 2017

The API I'm working with requires the Auth params to be added to the header, as per the option in Postman:

request["authorization"] = 'OAuth oauth_consumer_key=\"MyKey\",oauth_token=\"MyToken\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=………etcetc

Did anyone manage to modify this script to also add that authorization header to the request?

samjewell commented May 15, 2017

The API I'm working with requires the Auth params to be added to the header, as per the option in Postman:

request["authorization"] = 'OAuth oauth_consumer_key=\"MyKey\",oauth_token=\"MyToken\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=………etcetc

Did anyone manage to modify this script to also add that authorization header to the request?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment