Goodreads Developers discussion
Endless Invalid Requests


This issue has been happening for a while.
See posts here: http://www.goodreads.com/topic/show/6...
and here: http://www.goodreads.com/topic/show/5...
They don't seem to be too concerned with fixing this issue or keeping the API in a stable/usable state for 3rd party apps, unfortunately.

Isn't this part of the oauth spec?
>> They don't seem to be too concerned with fixing this issue or keeping the API in a stable/usable state for 3rd party apps, unfortunately.
I'm sorry to hear your oauth libraries aren't working, as far as I know we didn't change anything, it's just that a handful of oauth libs aren't compatible. Our api works fine for most of our users (we're servicing millions of api requests per day), as well as in our official android and iphone apps. In addition to that, the ruby oauth library works fine (example here: http://www.goodreads.com/topic/show/4...).

I am using the same OAuth library that you are using in the official Goodreads iOS app. It isn't an OAuth library issue, it's an API issue.
You have also personally posted that this was something you were going to take a look at on other threads, but never followed up.


As for the OAuth spec, I wouldn't know, but Twitter uses OAuth and passes the username along with the token so I doubt it. It just seems to me that you would want to minimize the number of calls developers need to make in order to complete a simple task.
I'm pretty sure the issue is the signature, but troubleshooting what specifically about the signature is wrong is a nightmare on so little info.


What I've seen is that when the hash is calculated some libs do escape them and some don't.
Both the client and server need to be doing it the same way otherwise the hash will be invalid. I've noticed inconsistencies with lots of the different libraries.
I really don't know what the correct way is, but that's usually the source of problems with oauth libraries.
Craig, I'm trying to get our iphone guy to send along our local changes to the oauth gem (which I'm hoping should fix your problem), let me know if he doesn't respond in the next couple days.
Using PHP here with the codeigniter framework (so good old abraham's Twitter OAuth won't work here sadly). Headers seem to be generating all right:
Authorization: OAuth oauth_consumer_key="", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1313374792", oauth_nonce="724e0ca142fffb57e7199cc0defe82a3", oauth_version="1.0", oauth_token="5943H7ZjwgqOLIcW0BtAQ", oauth_signature="hFt4OE%2FZ9hppoCNrF%2FYZ5iyC1iU%3D"
Signature is generated by applying hmac-sha1 to (method + url + secret + an array with token info urlencoded)
I'm no expert on OAuth, usually the library does everything for me ... so I have no idea what I'm doing wrong.
Why on earth is something as simple as the user_id a separate call anyway? Wouldn't it be easier on both the API and the developers if user_id was returned with the token at initial authorization?
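
Added example, not part of the thread and not Goodreads' or any poster's code: the escaping mismatch discussed above, shown as an OAuth 1.0 HMAC-SHA1 signature built with RFC 5849 percent-encoding next to one built with form-style escaping, and a server-side check that recomputes with the RFC rules. The URL, keys, secrets and parameter values are constructed placeholders.

```ruby
require 'openssl'
require 'uri'

# RFC 5849 section 3.6: escape every byte except A-Z a-z 0-9 - . _ ~ (uppercase hex).
def rfc5849_escape(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/n) { |c| format('%%%02X', c.ord) }
end

# Form-style escaping (space becomes "+"); included only as the mismatching variant.
def form_escape(value)
  URI.encode_www_form_component(value.to_s)
end

# Signature base string: VERB & escaped URL & escaped(sorted "k=v" pairs joined by "&").
def base_string(verb, url, params, escaper = :rfc5849_escape)
  pairs = params.map { |k, v| [send(escaper, k), send(escaper, v)] }.sort
  normalized = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [verb.upcase, send(escaper, url), send(escaper, normalized)].join('&')
end

# HMAC-SHA1 keyed with "consumer_secret&token_secret", then base64 (no line breaks).
def sign(verb, url, params, consumer_secret, token_secret, escaper = :rfc5849_escape)
  key = "#{rfc5849_escape(consumer_secret)}&#{rfc5849_escape(token_secret)}"
  [OpenSSL::HMAC.digest('SHA1', key, base_string(verb, url, params, escaper))].pack('m0')
end

# Server side: recompute with the RFC escaping and compare in constant time.
def valid_signature?(presented, verb, url, params, consumer_secret, token_secret)
  OpenSSL.secure_compare(sign(verb, url, params, consumer_secret, token_secret), presented)
end

# Constructed sample request (hypothetical URL, keys and secrets).
SAMPLE_URL = 'https://api.example.test/review.xml'
SAMPLE_PARAMS = {
  'oauth_consumer_key' => 'ck-constructed', 'oauth_token' => 'tok-constructed',
  'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1300000000',
  'oauth_nonce' => 'n0nce-constructed', 'oauth_version' => '1.0',
  'review' => 'loved it ~ 5 stars'
}.freeze
SECRETS = ['cs-constructed', 'ts-constructed'].freeze

strict = sign('POST', SAMPLE_URL, SAMPLE_PARAMS, *SECRETS)
lax    = sign('POST', SAMPLE_URL, SAMPLE_PARAMS, *SECRETS, :form_escape)
puts "strict accepted: #{valid_signature?(strict, 'POST', SAMPLE_URL, SAMPLE_PARAMS, *SECRETS)}"
puts "lax accepted:    #{valid_signature?(lax, 'POST', SAMPLE_URL, SAMPLE_PARAMS, *SECRETS)}"
```

When a signature is rejected, printing `base_string` on the client and comparing it byte for byte with what the server builds is the quickest way to see which character was escaped differently.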