-
Notifications
You must be signed in to change notification settings - Fork 649
xAuth access token request example
alvarobp edited this page Aug 17, 2011
·
1 revision
In this example we are going to request an access token via xAuth (). Suppose we have the following Consumer and user credentials:
Consumer:
Key: ssW4T3EIGmadkG62xidKgdfBZRyAScCe6xzZCwpn
Secret: L9uKyk9SFjnNOdT6UYqCZEkesdy5gU29pWYYgrdr
User credentials:
Username (email is used): [email protected]
Password: clientex
The access token url is:
http://vizzuality.testhost.lan/oauth/access_token
The xAuth special parameters are:
x_auth_mode=client_auth
x_auth_username=client%2540example.com
x_auth_password=clientex
So the request body contains:
x_auth_username=client%40example.com&x_auth_password=clientex&x_auth_mode=client_auth
The signature base string becomes (already URI encoded):
POST&http%3A%2F%2Fvizzuality.testhost.lan%2Foauth%2Faccess_token&oauth_consumer_key%3DssW4T3EIGmadkG62xidKgdfBZRyAScCe6xzZCwpn%26oauth_nonce%3D9KK8I5jvwGj1t4SC7haMaa3WYgF3MJ5QSYAMCsHnr4%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1313583228%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dclientex%26x_auth_username%3Dclient%2540example.com
The secret used to calculate the signature is:
L9uKyk9SFjnNOdT6UYqCZEkesdy5gU29pWYYgrdr&
Notice that the secret is <consumer key>& since we are not using a token here.
To calculate the signature in ruby we would do this:
Base64.encode64(Digest::HMAC.digest(
"POST&http%3A%2F%2Fvizzuality.testhost.lan%2Foauth%2Faccess_token&oauth_consumer_key%3DssW4T3EIGmadkG62xidKgdfBZRyAScCe6xzZCwpn%26oauth_nonce%3D9KK8I5jvwGj1t4SC7haMaa3WYgF3MJ5QSYAMCsHnr4%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1313583228%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dclientex%26x_auth_username%3Dclient%2540example.com",
"L9uKyk9SFjnNOdT6UYqCZEkesdy5gU29pWYYgrdr&",
Digest::SHA1
)).chomp.gsub(/\n/,'')
The resulting signature is
SJwpdAGfwJYBZDj4Rwli8rMqVa4=
The Authorization header then would be:
OAuth oauth_consumer_key="ssW4T3EIGmadkG62xidKgdfBZRyAScCe6xzZCwpn", oauth_nonce="9KK8I5jvwGj1t4SC7haMaa3WYgF3MJ5QSYAMCsHnr4", oauth_signature="SJwpdAGfwJYBZDj4Rwli8rMqVa4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1313583228", oauth_version="1.0"