3

I'm currently trying to implement an api (http://developers.music-story.com) whose authentication is using the OAuth 1.0 technology (requests are also signed). When I created my dev account they provided me 4 different keys such as:

oauth_consummer_key = some_hexa_str_long_of_40_chars
consummer_secret = some_other_hexa_str_long_of_40_chars
oauth_access_token = some_other_hexa_str_long_of_40_chars
oauth_token_secret = some_other_hexa_str_long_of_40_chars

So far, I have been trying to sign the request manually using some code found here and there without success. My understanding is that the signature have to be a kind of fingerprint of the request itself but I'm not conceptually sure about it and even less how to make it happen technically.

Question: What would be my OAuth 1 Signature if my request is something like (?):

HTTParty.get("http://api.music-story.com/en/show/search?
oauth_signature=I_DONT_KNOW_HOW_TO_GET_THIS
&oauth_token=I_HAVE_THIS_ONE_ALREADY
&name=whatever")

Edit1: Here is what I have tried so far and raises (invalid oauth key message) api response: 

oauth_consumer_key = oauth_consummer_key
oauth_nonce = Random.rand(100000).to_s
oauth_signature_method = 'HMAC-SHA1'
oauth_timestamp = Time.now.to_i.to_s
oauth_version = '1.0'

url = "http://api.music-story.com/en/artist/search?"

parameters = 'oauth_consumer_key=' +
              oauth_consumer_key +
              '&oauth_nonce=' +
              oauth_nonce +
              '&oauth_signature_method=' +
              oauth_signature_method +
              '&oauth_timestamp=' +
              oauth_timestamp +
              '&oauth_version=' +
              oauth_version


base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters) + '&name=whatever'
secret_key = oauth_token_secret
oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1',secret_key, base_string)}").chomp)

oauth_token = oauth_access_token

response = HTTParty.get("http://api.music-story.com/en/artist/search?name=someartistname&oauth_signature=#{oauth_signature}&oauth_token=#{oauth_token}")
puts JSON.parse(response.to_json)
# {"root"=>{"version"=>"1.29", "code"=>"-3", "error"=>{"type"=>"OAuthException", "message"=>"Incorrect oauth_signature", "errorcode"=>"40107"}}}

Edit2 I also tried to add '&' at the end of oauth_token and solutions from this post without success.

Please, enlighten me!

paul88
  • 41
  • 3

2 Answers2

1

In my case the problem was having http:// in the beginning of the url scheme. Replacing the url parameter of the query with something like api.music-story.com... worked for me

paul88
  • 41
  • 3
1

You can use Ruby Oauth. Here is a sample

consumer = OAuth::Consumer.new(consumer_key, consumer_secret, {site: "http://api.music-story.com"})
access_token = OAuth::AccessToken.new(consumer, token=oauth_access_token, secret=oauth_token_secret )
response = access_token.get("/en/artist/search?name=someartistname")
Amgad
  • 345
  • 3
  • 9