oauth_callback in the Authorization header

classic Classic list List threaded Threaded
5 messages Options
d6y
Reply | Threaded
Open this post in threaded view
|

oauth_callback in the Authorization header

d6y
I'm working the with lovefilm.com API and it appears their OAuth implementation requires the oauth_callback header to be part of the Authorization header, and not just as a POST parameter.

That is, a call like this...

val token = h(lovefilm / "request_token" << callback(calback_to_us) <@ oauth as_token)

... is rejected at the LOVEFiLM end, although I note from watching the HTTP logging fly by on my screen that the callback URL is POSTed to the server.

A quick and ugly hack of OAuth.scala to include the callback in the Authorization header makes the call work:

 val oauth_params = IMap(
      "oauth_consumer_key" -> consumer.key,
      "oauth_signature_method" -> "HMAC-SHA1",
      "oauth_timestamp" -> (System.currentTimeMillis / 1000).toString,
      "oauth_nonce" -> System.nanoTime.toString,
      "oauth_version" -> "1.0"
    ) ++ token.map { "oauth_token" -> _.value } ++
       user_params.get("oauth_callback").map { case x:String => "oauth_callback" -> x }  ++
      verifier.map { "oauth_verifier" -> _ }
   
I've not taken this up with LOVEFiLM yet and how it fits with the spec, but I thought I'd mention it here.  I suppose I'm asking for an enhancement to be able to pass the oauth_callback as part of the Authorization header.  However, my experience with OAuth is ... small.  So I'm open to being beaten with the clue stick.

The LOVEFiLM developer doc is here:   http://developer.lovefilm.com/docs/api_overview/oauth_steps

Regards
Richard

Reply | Threaded
Open this post in threaded view
|

Re: oauth_callback in the Authorization header

n8han
Administrator
Hi Richard, have to asked lovefilm about the problem, in the overlong time that I have taken to reply to this message? According to the spec they should accept callback as a parameter. If they're unwilling or unable to do this, however, there's no harm done in making Dispatch more accommodating.

Nathan
d6y
Reply | Threaded
Open this post in threaded view
|

Re: oauth_callback in the Authorization header

d6y
Thanks Nathan - I've asked the question over at lovefilm, and when they get back to me, I'll post an update here.
d6y
Reply | Threaded
Open this post in threaded view
|

Re: oauth_callback in the Authorization header

d6y
I never did get any feedback from LOVEFiLM on this, but I'll note that 0.7.8 works perfectly with LOVEFiLM, so I'm happy. Thank you!
Reply | Threaded
Open this post in threaded view
|

Re: oauth_callback in the Authorization header

n8han
Administrator
Cool, glad that fixed it!
Nathan

"d6y [via Databinder]" <[hidden email]> wrote:

>
>
>I never did get any feedback from LOVEFiLM on this, but I'll note that
>0.7.8
>works perfectly with LOVEFiLM, so I'm happy. Thank you!
>
>______________________________________
>View message @
>http://databinder.3617998.n2.nabble.com/oauth-callback-in-the-Authorization-header-tp5503783p5880536.html
>To start a new topic under Databinder, email
>[hidden email]
>To unsubscribe from Databinder, visit
>