Skip to content

xAuth access token request example

alvarobp edited this page Aug 17, 2011 · 1 revision

In this example we are going to request an access token via xAuth (). Suppose we have the following Consumer and user credentials:

Consumer:
  Key:    ssW4T3EIGmadkG62xidKgdfBZRyAScCe6xzZCwpn
  Secret: L9uKyk9SFjnNOdT6UYqCZEkesdy5gU29pWYYgrdr

User credentials:
  Username (email is used): client@example.com
  Password: clientex

The access token url is:

http://vizzuality.testhost.lan/oauth/access_token

The xAuth special parameters are:

x_auth_mode=client_auth
x_auth_username=client%2540example.com
x_auth_password=clientex

So the request body contains:

x_auth_username=client%40example.com&x_auth_password=clientex&x_auth_mode=client_auth

The signature base string becomes (already URI encoded):

  POST&http%3A%2F%2Fvizzuality.testhost.lan%2Foauth%2Faccess_token&oauth_consumer_key%3DssW4T3EIGmadkG62xidKgdfBZRyAScCe6xzZCwpn%26oauth_nonce%3D9KK8I5jvwGj1t4SC7haMaa3WYgF3MJ5QSYAMCsHnr4%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1313583228%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dclientex%26x_auth_username%3Dclient%2540example.com

The secret used to calculate the signature is:

L9uKyk9SFjnNOdT6UYqCZEkesdy5gU29pWYYgrdr&

Notice that the secret is <consumer key>& since we are not using a token here.

To calculate the signature in ruby we would do this:

Base64.encode64(Digest::HMAC.digest(
  "POST&http%3A%2F%2Fvizzuality.testhost.lan%2Foauth%2Faccess_token&oauth_consumer_key%3DssW4T3EIGmadkG62xidKgdfBZRyAScCe6xzZCwpn%26oauth_nonce%3D9KK8I5jvwGj1t4SC7haMaa3WYgF3MJ5QSYAMCsHnr4%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1313583228%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dclientex%26x_auth_username%3Dclient%2540example.com", 
  "L9uKyk9SFjnNOdT6UYqCZEkesdy5gU29pWYYgrdr&", 
  Digest::SHA1
)).chomp.gsub(/\n/,'')

The resulting signature is

SJwpdAGfwJYBZDj4Rwli8rMqVa4=

The Authorization header then would be:

OAuth oauth_consumer_key="ssW4T3EIGmadkG62xidKgdfBZRyAScCe6xzZCwpn", oauth_nonce="9KK8I5jvwGj1t4SC7haMaa3WYgF3MJ5QSYAMCsHnr4", oauth_signature="SJwpdAGfwJYBZDj4Rwli8rMqVa4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1313583228", oauth_version="1.0"
Clone this wiki locally