Goodreads Developers discussion

questions > OAUTH failure during the first phase of request for token


message 1: by Srinivas (new)

Srinivas | 4 comments I am trying to construct the request-for-token URL during the first phase of OAUTH from a mobile app as follows, but I always end up with an Invalid OAUTH request failure. I have copied and pasted this URL into the browser and I end up with the same failure.

Please let me know what seems to be the issue with the URL I am constructing.

http://www.goodreads.com/oauth/reques...


message 2: by Michael (new)

Michael Economy (michaeleconomy) What library are you using?


message 3: by Srinivas (new)

Srinivas | 4 comments Michael wrote: "What library are you using?"

I am using the oauth-as3 open source

http://code.google.com/p/oauth-as3/


message 4: by Michael (new)

Michael Economy (michaeleconomy) Just glancing around:


http://code.google.com/p/oauth-as3/is...


that could be the issue....


message 5: by Srinivas (new)

Srinivas | 4 comments Michael wrote: "Just glancing around:


http://code.google.com/p/oauth-as3/is...


that could be the issue...."


Thanks for the quick response... though that is not the code path it seems to traverse in my case. The issue you pointed out refers to populating the HTTP header: Authorization. However, I am not populating any headers and am instead sending the required query params.

Is it mandatory for your implementation for the oauth data to be present in the HTTP headers? If so, I can make the switch to that and see if it works after removing the leading "," as you have pointed out in the issue.


message 6: by Michael (new)

Michael Economy (michaeleconomy) I don't think it is, I think as long as the url is generated correctly it should work....

I know the ruby client library works pretty much out of the box, so I'm not sure what the problem could be. Could you make a request that fails, and then email us with the exact url and time of request (support@goodreads.com) and I'll try and look at it on my end?


message 7: by Srinivas (new)

Srinivas | 4 comments Michael wrote: "I don't think it is, I think as long as the url is generated correctly it should work....

I know the ruby client library works pretty much out of the box, so I'm not sure what the problem could b..."


Sure. All the URLs below are failing with "Invalid OAuth Request" during the initial request token phase. I will also email the link to this discussion along with the URLs that are failing to the support address you have provided.

Tried supplying callback URL and also without it and both are failing. Here are the various scenarios that all fail. I have tried all the requests between 10:05 PM and 10:15 PM ET for your reference.

1) URL WITHOUT call back URL and NOT URL encoding the signature parameter but encoding the rest

http://www.goodreads.com/oauth/reques...

2) URL WITH call back URL and NOT URL encoding the signature parameter but encoding the rest

http://www.goodreads.com/oauth/reques...

3) URL WITH call back URL and URL encoding the signature parameter as well along with the rest of the parameters

http://www.goodreads.com/oauth/reques...

4) URL WITHOUT call back URL and URL encoding the signature parameter as well along with the rest of the parameters

http://www.goodreads.com/oauth/reques...


message 8: by Michael (new)

Michael Economy (michaeleconomy) Ok, I'll see if we can look into this soon. Sorry if it takes us a little while!


message 9: by Brian (new)

Brian (bper) | 24 comments Srinivas,

I've looked into this a bit and here are some findings:

1) At this point, your timestamps are too old on your requests (they need to be fairly recent, and should usually probably be within seconds of the timestamp of the request)

2) The nonce and timestamp must form a unique pair. You cannot reuse nonces, so be sure that you're always generating a new pair for each token request

3) I noticed that your nonce (at least in your first link) is a little unconventional(ly short). It may not be a big deal, but here's a more typical example: jYLpKLVBSR3tl5O59vt21Xw1oxza4ngtI4XDZMoIac . I suppose the only requirement is as described in 2) above, so it may not be a big deal to use such a short string. It's probably a good habit to strive for fairly unique nonces though, just in case.

4) Our signatures are not matching the signatures that you're submitting. So it's something wrong with your signature-generation process. This is probably the ultimate source of your problem, but you'll never even know without fixing BOTH 1) and 2) for all future requests. You'll probably have to debug your signature-generating process. I suggest you compare results with an oauth library out there until you get your signatures to match established libraries, then try again.

Best of luck!
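
The three checks listed in message 9 (fresh timestamp, unused nonce/timestamp pair, matching signature) can be reproduced locally before sending anything. This is an added example, not code from the thread or from Goodreads: it signs a request-token URL the OAuth 1.0 way and then runs those checks against it. HMAC-SHA1, the example.com URL, the key and secret values, and the 300-second window are assumptions.

```python
import base64, hashlib, hmac
from urllib.parse import quote, parse_qsl, urlsplit

MAX_SKEW = 300  # assumed freshness window in seconds; the thread only says "fairly recent"

def pct(s):
    # OAuth 1.0 percent-encoding: everything except unreserved characters
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Encode each pair, sort, join, then encode the whole parameter string again
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Request-token phase: no token secret yet, but the key still ends with "&"
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def signed_url(url, params, consumer_secret):
    # The signature is percent-encoded exactly once, like every other query value
    full = dict(params, oauth_signature=sign("GET", url, params, consumer_secret))
    return url + "?" + "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(full.items()))

def check(request_url, consumer_secret, seen, now):
    # Local stand-in for the checks in message 9: freshness, nonce reuse, signature
    parts = urlsplit(request_url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    ts = params.get("oauth_timestamp", "")
    if not ts.isdigit() or abs(now - int(ts)) > MAX_SKEW:
        return "stale timestamp"
    pair = (params.get("oauth_nonce", ""), ts)
    if pair in seen:
        return "nonce reused"
    url = f"{parts.scheme}://{parts.netloc}{parts.path}"
    expected = sign("GET", url, params, consumer_secret)
    if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
        return "signature mismatch"
    seen.add(pair)  # remember the pair only after the request has verified
    return "ok"
```

A signature placed in the query string without percent-encoding fails this check whenever it contains `+`, because the receiver decodes `+` as a space.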

