好。我认为,您不应该使用第三方库,因为
@request_token.authorize_url(:oauth_callback => @callback_url)
返回不正确的网址。
尝试自己实现 OAuth。
1) 对字符串使用 HMAC-SHA1 算法:
GET&https%3A%2F%2Foauth.withings.com%2Faccount%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback%26oauth_consumer_key%3D{WITHINGS KEY}%26oauth_nonce%3D{RANDOM STRING}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D{CURRENT TIME}%26oauth_version%3D1.0
该字符串包含 3 个部分:{METHOD} + "&" + {ENCODED REQUEST URL} + "&" + {ENCODED REQUEST QUERY PART}
签名密钥:{WITHINGS SECRET}+"&"
结果编码这个符号。
2) 向 URL 发送请求:
https://oauth.withings.com/account/request_token?oauth_callback=http%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback&oauth_consumer_key={WITHINGS KEY}&oauth_nonce={NONCE FROM STEP 1}&oauth_signature={RESULT OF STEP 1}&oauth_signature_method=HMAC-SHA1&oauth_timestamp={TIMESTAMP FROM STEP 1}&oauth_version=1.0
3) 解析响应体。获取 OAUTH TOKEN 和 OAUTH SECRET。
4) 对字符串使用 HMAC-SHA1 算法:
GET&https%3A%2F%2Foauth.withings.com%2Faccount%2Fauthorize&oauth_callback%3Dhttp%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback%26oauth_consumer_key%3D{SECRET KEY}%26oauth_nonce%3D{RANDOM STRING}%26oauth_signature_method%3DHMAC-SHA1%26oauth_token%3D{OAUTH TOKEN}%26oauth_timestamp%3D{CURRENT TIME}%26oauth_version%3D1.0
签名密钥:{WITHINGS SECRET}+"&" + {OAUTH SECRET}
结果编码这个符号。
5) 将用户重定向到 URL:
https://oauth.withings.com/account/rauthorize?oauth_callback=http%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback&oauth_consumer_key={WITHINGS KEY}&oauth_nonce={NONCE FROM STEP 4}&oauth_signature={RESULT OF STEP 4}&oauth_signature_method=HMAC-SHA1&oauth_token={OAUTH TOKEN}&oauth_timestamp={TIMESTAMP FROM STEP 4}&oauth_version=1.0