0

I'm having some problem setting up an oauth provider with two-legged authentication.

I'm using the oauth-plugin gem and the oauth gem, everything works fine except for my "update" requests. The signature verification process keeps failing.

Here is what I'm doing:

In the client, I'm using 

oauth = OAuth::AccessToken.new(OAuth::Consumer.new(app_key, app_secret, :site => @api_endpoint))
oauth.get("http://localhost/api/v1/users/1")
oauth.post("http://localhost/api/v1/users", {:email => "testemail@mysite.com"})
oauth.put("http://localhost/api/v1/users", {:tags => ["some", "new", "tags"]})
oauth.delete("http://localhost/api/v1/users/1")

get, post and delete all go through authentication fine, but update fails.

On the server side, I have my ClientApplication class set up 

  def self.verify_request(request, options = {}, &block)
    begin
      signature = OAuth::Signature.build(request, options, &block)
      return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
      value = signature.verify
      value
    rescue OAuth::Signature::UnknownSignatureMethod => e
      false
    end
  end

signature.verify fails on my update requests and passes on the other 3 requests. Anybody know what's happening?

4

1 回答 1

1

原来问题在于通过身体传递参数。
我将参数移动到带有 Addressable/uri 的 url 中,这解决了问题。它的长度会有点限制,但现在还可以。

于 2011-03-11T16:40:50.890 回答