Data parameters using OAuth::AccessToken#request with GET http_method

Question

Data parameters using OAuth::AccessToken#request with GET http_method

Closed this issue 7 years ago · 1 comments

I was attempting to use OAuth::AccessToken#request to send a GET request with custom parameters, but OAuth::Consumer#create_http_request doesn't seem to support extra parameters for GET requests.

Is there a reason extra HTTP params aren't supported, or am I missing something?

This is for the Nokia API. Here is an example (actual tokens / key / etc replaced with <token> / <key> / <etc>) they provide as step 4 of https://developer.health.nokia.com/api (note the required action=getmeas and userid=1234567 params):

Api endpoint : http://api.health.nokia.com/measure
Signing request :
    .. adding oAuth parameters :
        oauth_consumer_key = <key>
        oauth_nonce = 02136e976a5b0ce58cd4e1fad772afa1
        oauth_timestamp = 1522440178
        oauth_token = <token>
        oauth_signature_method = HMAC-SHA1
        oauth_version = 1.0
    .. sorting all request parameters alphabetically
    ==> oAuth signature base string :
GET&http%3A%2F%2Fapi.health.nokia.com%2Fmeasure&action%3Dgetmeas%26oauth_consumer_key%3D<key>%26oauth_nonce%3D02136e976a5b0ce58cd4e1fad772afa1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1522440178%26oauth_token%3D<token>%26oauth_version%3D1.0%26userid%3D1234567
    .. applying hmac-sha1 to base string, with secret : <secret1>&<secret2> (notice the "&")
    .. base64 encode then url-encode the hmac-sha1 hash
    ==> oauth_signature = <signature>


http://api.health.nokia.com/measure?action=getmeas&oauth_consumer_key=<key>&oauth_nonce=02136e976a5b0ce58cd4e1fad772afa1&oauth_signature=<signature>&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1522440178&oauth_token=<token>&oauth_version=1.0&userid=1234567

Thank you!

Answer 1 · 2018-04-03T17:44:10.000Z

I see now that I don't need to pass parameters separately from the path. When using scheme: 'query_string', the signature automatically uses all the params (http params from the path and oauth params) when creating the sorted oAuth signature base string.

So, passing uri = "https://api.health.nokia.com/measure?action=getmeas&userid=#{userid}" into OAuth::AccessToken#get produces the expected behavior.