Josh, I owe you a beer. I was able to figure out the problem looking at the base string sent to the server from the client, and the one the server generated itself.
In practice I was doing the following: GET myserver/foo.json?page=1 and I was using query = '/foo.json?page=1' client.get(query, access_token) But there's a problem here. If you remember how my client library looks like [1], the GET function does not pass any parameter to OAuthRequest.from_consumer_and_token, so the signature generated did not include page=1, which the server expected instead. So I modified the code of GET to also send the parameters, and then I was doing the following: query = '/foo.json' parameters = {'page': page } client.get(query, parameters, access_token) This time the signature was built correctly, but the page param was not sent along with the url, so there was again a mismatch.It turned out I have to set the parameters also in the url: query = '/foo.json?page=' + page parameters = {'page': page } client.get(query, parameters, access_token) It took me 3 days to figure out this thing. In my opinion the oauth library should set the parameters itself to avoid confusion. Unfortunately I'm not very experienced with python so I don't know how to make a patch at this moment. Thanks again for your help. Cheers, Oscar [1] http://gist.github.com/204165 On Oct 7, 6:25 pm, Josh Roesslein <jroessl...@gmail.com> wrote: > From the code at line 37, I believe you should be using self.authority > instead of self.host. > You must include the port unless it is 80 or 443 (section 9.1.2). > If the server is using a different base string then that would cause > the signature not matching. > Make sure the URLs are the same both for the client and server. > > If I notice anything else I'll let you know. > > Josh > > On Wed, Oct 7, 2009 at 11:14 AM, Oscar Del Ben <thehcdrea...@gmail.com> wrote: > > > > > > > I'll try your code tomorrow. > > > Anyways, this is what I use [1]. The problem seems to be when I get or > > post to the server with the access token because the server can't > > validate the request. In particular it doesn't match the signature. > > > What I would do is this: > > > access_token = web.cookies().get('access_token') // oauth_token_secret > > %3D2Df6x2SrJMgKYFtgTCT2d8As8GvGvIM8kZZAO7Vt%26oauth_token > > %3DYOttwT0ok7CNm8yMYLXA > > > client.get('/path', access_token) > > > Oscar > > > [1]http://gist.github.com/204165 > > > On Oct 7, 5:52 pm, Josh Roesslein <jroessl...@gmail.com> wrote: > >> I use the library in my twitter python library. You can view the code > >> for my oauth handler here [1]. > >> The code is pretty simple. The apply_auth method is where I build the > >> headers for the resource > >> request. Let me know if you have any questions. > > >> If you could post a link to your client code using the library I could > >> offer to look at it. > > >> Josh > > >> [1]http://github.com/joshthecoder/tweepy/blob/master/tweepy/auth.py > > >> On Wed, Oct 7, 2009 at 2:10 AM, Oscar Del Ben <thehcdrea...@gmail.com> > >> wrote: > > >> > Hi Josh and thanks for your reply. Our SP is currently used by another > >> > client application written in ruby and it's actually working. Do you > >> > have any code to share or do you know where I can find an example? I > >> > know about the example in the library itself, but it's not working for > >> > me. > > >> > On Oct 7, 5:54 am, Josh Roesslein <jroessl...@gmail.com> wrote: > >> >> Hi Oscar, > > >> >> The python library in the OAuth SVN is 1.0a compliant. I have > >> >> successfully used it on Twitter (which uses 1.0a) > >> >> without issues. Has your SP implementation been tested with other > >> >> OAuth libraries? Perhaps there is a bug in your > >> >> SP server code. > > >> >> Best of luck, > > >> >> Josh > > >> >> On Tue, Oct 6, 2009 at 8:04 AM, Oscar Del Ben <thehcdrea...@gmail.com> > >> >> wrote: > > >> >> > Hi, I'm using the module oauth which can be found at > >> >> >http://oauth.googlecode.com/svn/code/python/oauth/tobuilda simple > >> >> > client we built. The problem is that I'm not sure if that library > >> >> > support oauth 1.0a > > >> >> > I used the example > >> >> > athttp://apiwiki.justin.tv/mediawiki/index.php/Justin.tv_Python_Client_... > >> >> > to develop a first version of my client and I am able to get an access > >> >> > token back from the provider, however when I try to access private > >> >> > data my request does not pass the signature control. > > >> >> > Since I am in control of the provider server (which is not built in > >> >> > python) I have tried to figure out what was happening but without any > >> >> > result and I would like to know if someone knows of a simple oauth > >> >> > client 1.0a that I can use in my python application. > > >> >> > Many thanks, > > >> >> > Oscar > > >> -- > >> Josh --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---