OAuth example

alvarobp edited this page Aug 17, 2011 · 6 revisions

In this example we sign a resource request. Suppose we have the following Consumer and Access Token:

Consumer:
  Key:    fZeNGv5iYayvItgDYHUbot1Ukb5rVyX6QAg8GaY2
  Secret: IBLCvPEefxbIiGZhGlakYV4eM8AbVSwsHxwEYpzx

AccessToken:
  Token:  l0lPbtP68ao8NfStCiA3V3neqfM03JKhToxhUQTR
  Secret: 22zBIek567fMDEebzfnSdGe8peMFVFqAreOENaDK

We are going to make a request to:

http://vizzuality.testhost.lan/api/v1/tables

So the signature base string becomes (already URI encoded):

GET&http%3A%2F%2Fvizzuality.testhost.lan%2Fapi%2Fv1%2Ftables&oauth_consumer_key%3DfZeNGv5iYayvItgDYHUbot1Ukb5rVyX6QAg8GaY2%26oauth_nonce%3DW0zUmvyC4eVL8cBd4YwlH1nnPTbxW0QBYcWkXTwe4%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1313581372%26oauth_token%3Dl0lPbtP68ao8NfStCiA3V3neqfM03JKhToxhUQTR%26oauth_version%3D1.0

The secret used to calculate the signature is:

IBLCvPEefxbIiGZhGlakYV4eM8AbVSwsHxwEYpzx&22zBIek567fMDEebzfnSdGe8peMFVFqAreOENaDK

Notice that the secret is <consumer secret>&<access token secret>

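To calculate the signature in Ruby we would do this:

  require 'openssl'
  require 'base64'

  # Digest::HMAC is no longer in Ruby's standard library; OpenSSL::HMAC computes the same HMAC-SHA1.
  # strict_encode64 emits no newlines, so no chomp/gsub is needed afterwards.
  Base64.strict_encode64(
    OpenSSL::HMAC.digest(
      OpenSSL::Digest.new('sha1'),
      # key: <consumer secret>&<access token secret>
      "IBLCvPEefxbIiGZhGlakYV4eM8AbVSwsHxwEYpzx&22zBIek567fMDEebzfnSdGe8peMFVFqAreOENaDK",
      # data: the signature base string
      "GET&http%3A%2F%2Fvizzuality.testhost.lan%2Fapi%2Fv1%2Ftables&oauth_consumer_key%3DfZeNGv5iYayvItgDYHUbot1Ukb5rVyX6QAg8GaY2%26oauth_nonce%3DW0zUmvyC4eVL8cBd4YwlH1nnPTbxW0QBYcWkXTwe4%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1313581372%26oauth_token%3Dl0lPbtP68ao8NfStCiA3V3neqfM03JKhToxhUQTR%26oauth_version%3D1.0"
    )
  )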

The resulting signature is:

o4hx4hWP6KtLyFwggnYB4yPK8xI=

The Authorization header would then be (the signature is percent-encoded, so its trailing = appears as %3D):

OAuth oauth_consumer_key="fZeNGv5iYayvItgDYHUbot1Ukb5rVyX6QAg8GaY2", oauth_nonce="W0zUmvyC4eVL8cBd4YwlH1nnPTbxW0QBYcWkXTwe4", oauth_signature="o4hx4hWP6KtLyFwggnYB4yPK8xI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1313581372", oauth_token="l0lPbtP68ao8NfStCiA3V3neqfM03JKhToxhUQTR", oauth_version="1.0"
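
As an added example (not code from the original page), the sketch below builds the signature base string from the request method, URL and oauth_* parameters instead of hard-coding it, signs it, and shows how the receiving side can check a signature with a comparison that does not exit early. The function and constant names are illustrative, and the URL is assumed to be already normalized with no query string.

```ruby
require 'openssl'
require 'base64'

# Values taken from the page's example request.
PAGE_URL = 'http://vizzuality.testhost.lan/api/v1/tables'
PAGE_PARAMS = {
  'oauth_consumer_key'     => 'fZeNGv5iYayvItgDYHUbot1Ukb5rVyX6QAg8GaY2',
  'oauth_nonce'            => 'W0zUmvyC4eVL8cBd4YwlH1nnPTbxW0QBYcWkXTwe4',
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_timestamp'        => '1313581372',
  'oauth_token'            => 'l0lPbtP68ao8NfStCiA3V3neqfM03JKhToxhUQTR',
  'oauth_version'          => '1.0'
}.freeze
CONSUMER_SECRET = 'IBLCvPEefxbIiGZhGlakYV4eM8AbVSwsHxwEYpzx'
TOKEN_SECRET    = '22zBIek567fMDEebzfnSdGe8peMFVFqAreOENaDK'

# RFC 5849 percent-encoding: everything except unreserved characters is escaped.
def pct(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# METHOD & encoded URL & encoded parameter string (pairs encoded, then sorted).
# Assumption: `url` is already the normalized base URI with no query string.
def base_string(method, url, params)
  pairs = params.map { |k, v| [pct(k), pct(v)] }.sort
  normalized = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [method.upcase, pct(url), pct(normalized)].join('&')
end

# HMAC-SHA1 keyed with "<consumer secret>&<access token secret>".
def sign(method, url, params, consumer_secret, token_secret)
  key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), key, base_string(method, url, params))
  Base64.strict_encode64(mac)
end

# Receiving side: recompute the signature and compare without an early exit,
# so response timing does not reveal how many leading bytes matched.
def valid_signature?(received, method, url, params, consumer_secret, token_secret)
  expected = sign(method, url, params, consumer_secret, token_secret)
  return false unless received.bytesize == expected.bytesize
  received.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end
```

Because the method and URL are part of the signed data, a signature computed for this GET does not validate if the same parameters are replayed against a different method or path.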