Halloween Reads

Goodreads Developers discussion

253 views
bugs > Getting "Invalid OAuth Request" with signed requests...

Comments Showing 1-9 of 9 (9 new)    post a comment »
dateUp arrow    newest »

message 1: by Alexander (last edited Mar 18, 2016 11:25PM) (new)
Mar 18, 2016 10:54PM

Alexander Trauzzi | 7 comments Here's my header:

```
OAuth oauth_consumer_key="MYCONSUMERKEY", oauth_nonce="2gz0uT7EJTxUEhG1gi3KqnusjDRtzEvK", oauth_signature="nQW6bAOtl8kT9lfMqinodR695DI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1458366768", oauth_token="MYTOKEN", oauth_version="1.0"
```


message 2: by Daniel (new)
Mar 18, 2016 11:07PM

Daniel (dbmrq) | 19 comments That's actually the header, and it looks ok to me. Try to find the actual signature base string and check it against this: http://oauth.googlecode.com/svn/code/...


message 3: by Alexander (last edited Mar 18, 2016 11:51PM) (new)
Mar 18, 2016 11:50PM

Alexander Trauzzi | 7 comments Alright, was able to determine the difference between the two:

GET&https%3A%2F%2Fwww.goodreads.com%2Fapi%2Fauth_user&a...

GET&https%3A%2F%2Fwww.goodreads.com%2Fapi%2Fauth_user&a...

The library I'm using is putting `oauth_verifier` in with the base string, whereas the google tool does not.


message 4: by Daniel (new)
Mar 19, 2016 12:52AM

Daniel (dbmrq) | 19 comments Yep, that could be the cause of your problem, I think. I'd try getting it out of there or using a different library.


message 5: by Alexander (last edited Mar 19, 2016 03:41PM) (new)
Mar 19, 2016 03:16PM

Alexander Trauzzi | 7 comments I guess one concern I have is that this isn't the first situation where your API isn't abiding by the oauth specification. I'm definitely not going to change my library (phpleague is responsible for a number of very high quality PHP packages).

The library I'm using follows the specification quite closely and generally speaking if something is out of place, it's because the server I'm contacting is going outside of the spec.

Have you guys considered auditing your API and coming up with a version that follows the oauth spec properly?


message 6: by Alexander (last edited Mar 19, 2016 04:08PM) (new)
Mar 19, 2016 04:08PM

Alexander Trauzzi | 7 comments @Daniel

So I've produced a custom driver for the library - at least in my project - that is able to work around the quirks in the goodreads API, you can find it here:

https://github.com/thephpleague/oauth...

This has me now able to generate signed requests based on some of the inconsistencies, but perhaps it can serve as an informational document to help improve your service.

Overall, just look for my double-slashed comments in the code and they explain why I'm manipulating things a certain way.


message 7: by Daniel (last edited Mar 19, 2016 04:13PM) (new)
Mar 19, 2016 04:10PM

Daniel (dbmrq) | 19 comments Oh, I don't work for Goodreads and I totally agree, the API is terrible, haha. I'm just trying to help.

But in your case, to be fair, I really don't think the auth_verifier parameter should be there. I don't know that much about OAuth, but from what I gathered that's only included when authorizing and getting a token, not when making a regular request.
I've compared my signature base strings to the ones generated by the link I posted and when I got them to match everything worked reasonably well, albeit with a few bumps.


message 8: by Alexander (new)
Mar 19, 2016 04:22PM

Alexander Trauzzi | 7 comments Yeah, I think I've basically just codified all their quirks with that file, so whenever they get around to this thread, it's waiting for them.

Sorry, thought you were goodreads staff due to your promptness ;)


message 9: by Daniel (new)
Mar 19, 2016 04:33PM

Daniel (dbmrq) | 19 comments Quite on the contrary, the promptness is a clear sign I'm not Goodreads staff, haha. I'm just trying to figure out the api too, so I've been hanging around here.
Good luck. :)


back to top

8095

Goodreads Developers

Group Home Bookshelf Discussions
Photos Videos
Send invite Members Polls
unread topics | mark unread