Goodreads Developers discussion

I'm having a hard time getting the OAuth API to work correctly with Goodreads.

I've used OAuth successfully on several other projects with other API's (both as a consumer and provider) so I"m familiar with the process.

I'm just trying a basic OAuth method right now for testing and trying to add a book review and haven't been able to get it to work yet. I always get an "Invalid OAuth Request" error.

I can get my request and access tokens fine for the user, the actual OAuth POST call is failing.

Here is a link to a pastie with both the Auth headers my request is sending and the normalized request parameters: http://pastie.org/private/iebudzppzyq...

I will gladly provide any other information needed to help solve this issue.

Just for reference, I am interfacing with the API via the OAuthConsumer Objective-C library inside an iOS application as well.

Hey Craig I'm having the same issue with my nodeJS app as well. Getting OAuth token, access tokens, etc works fine but doing anything with a protected resource seems to fail.

I added a bug in this thread last week:
http://www.goodreads.com/topic/show/5...

No response yet :(

Thanks Brad,

I was hoping that wasn't going to be the case and it was just me.

I'll keep an eye on your thread as well for any possible follow-ups.

just bumping this again as I havent seen any response on either thread about it.

We're going to be looking into this very shortly. Sorry for the slow turnaround.

excellent. thanks for the response.

Friendly bump to see if this has been fixed. I'm stuck on my app until this is resolved :(

Could it be the infamous square brackets problem? For example does a add friend call succeed?

We're also using OAuthConsumer for the official Goodreads app. It's kind of a old version and we never updated it. We did do minor changes, but they were just to fix memory leaks (namely in OASynchronousDataFetcher::start and dealloc methods; OAToken::initWithUserDefaultsUsingServiceProviderName; OAMutableURLRequest::prepare and dealloc methods. I can provide these patches but I doubt this is the source of your problems.

@Ettore,

Can you expound a bit more on the "infamous square brackets" problem??

I'm not sure I know what you are referring too, so I don't know if it is applicable in this case or not.

We have had reports of APIs that require square brackets params to not work depending on your OAuth library. OAuthConsumer though should be immune to those problems right out of the box... but just to rule that out I was suggesting to try calling an API that does not have any square brackets params, such as the add friend API.

Ettore wrote: "We have had reports of APIs that require square brackets params to not work depending on your OAuth library. OAuthConsumer though should be immune to those problems right out of the box... but just..."

I see. thanks. I 'll try it. I havent had problems using OAuthConsumer with other API's that use square brackets, so I doubt it is the problem as well, but I'll try the add friend call and see what happens

@Ettore and @Michael.

I'm planning on testing the add friend API later today to see if the "bracket issue" is a problem for me, but I have extracted some code from my project to demo what I'm currently doing that is failing with the "Invalid OAuth Request" response from the API.

http://pastie.org/2386459

I'm hoping maybe you can take a quick peek and let me know if this looks any different from what you guys are doing with the official app, since we are both using the same Objective-C library

Thanks, that can help a lot.

Here's some differences I noticed in our code:
- Just making sure: your urlString ends up being @"http://www.goodreads.com/review.xml" right?
- to create the parameters I use OARequestParameter::requestParameterWithName:value: instead of requestParameter:value:. Not sure it the methods are equivalent, but that's what I use.
- about the fetcher: I create one with the request, then start it manually, viz. [fetcher start].
- I don't see the code for signing the OAuth request: from your previous pastie, I assume you do sign it with the consumer secret before starting the fetcher? I use - (NSString *)signClearText:(NSString *)text withSecret:(NSString *)secret on the OAHMAC_SHA1SignatureProvider class. The actual signature is CONSUMERSECRET&TOKENSECRET, urlencoded.

Hope this helps...

Thanks, I'll play around with your bullet points.

I'm not specifically code signing the request, because OAuthConsumer signs requests by default using the OAHMAC_SHA1SignatureProvider.

I can try explicitly signing it though, although by looking at the library it appears this would just be duplication, but its worth a shot.

hmmm, I tried the "add_as_friend.xml" API call just now per @Ettore's request and that seems to work fine, so maybe it is an issue with square brackets in my params.

I'll try URLEncoding them and see what happens