For the benefit of future interop puzzle searchers, here's the solution I arrived at. Using code like what's in http://wiki.openstreetmap.org/wiki/OAuth/Examples works against the php OAuth server with the following caveats: 1) call add_oauth *before* add_multipart_data to make sure the request body isn't part of the signature (per Morten's note y'day) - if twitter and openstreetmap accepts signatures with the multipart body, I suppose that means they're violating the spec (?) 2) in my case, the API host is not the same as the "site" for tokens and authorization, instead of doing consumer.sign!(req,access_token) ...which failed, I'm doing - the signature had the "site" hostname, not the actually endpoint hostname consumer.sign!(req,access_token, { :request_uri => api_call_uri.to_s }) ...where api_call_uri is the URI object used to setup the Net::HTTP and Net::HTTP::Post objects. I'm not clear about why the ruby consumer isn't using the endpoint hostname when explicitly signing a provided request but digging into the code path, I found that explicitly setting the request_uri option results in properly signed requests. I think this is a flaw in the ruby gem design; instead of using the Net::HTTP object that consumer was setup with for the signature, it should always use the one that connects to the API endpoint. Anyway, this was a big headache, hope it helps someone else! -Ian
On Oct 13, 9:41 am, spidaman <[email protected]> wrote: > We've been working with a ruby client (uses the latest gem > fromhttp://github.com/oauth/oauth-ruby) that hits an API implemented with > the php library athttp://oauth.googlecode.com/svn/code/php/OAuth.php > integrated in. > > Normal GETs and POSTs seem to work fine but theres a file upload API > we're trying to work out but haven't yet figured out a way to get the > ruby Net::HTTP requests signed in way that the php OAuth server will > accept. I'm not clear on what the accept practice is here. > > Example I've looked thus far have been ineffective: > *http://wiki.openstreetmap.org/wiki/OAuth/Examples > *http://github.com/archiloque/rest-client > ...the signature is always rejected by the php library. > > Has anyone else figured how to get multipart POSTs posted to that php > library to signed acceptably and post some code? -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
