Digg Api Java
Virtual Sushi
Just started using the Digg Api for the first time just today and I'm
rather disappointed in the available docs. When developing interfaces
for other OAuth based api's in Java, I use a specific lib or an open
OAuth lib or I write some HttpClient (4.1) calls. Now, for Digg,
neither of these solutions seem to work and I always get a 405
response.
Can someone give me some advice on this...
... what Java libs can I use?
... how should I sign Digg API requests?
... what extra parameters are needed in the post request?
... what extra request headers are needed in these requests?
Thanks
Jeff Hodsdon
> Can someone give me some advice on this...
> ... what Java libs can I use?
A simple OAuth implementation in Java is Signpost. http://brainflush.wordpress.com/2009/05/03/introducing-signpost-easy-oauth-for-java-and-apache-httpcomponents-android-too/
Another is http://oauth.googlecode.com/svn/code/java/
> ... how should I sign Digg API requests?
We support HMAC-SHA1.
> ... what extra parameters are needed in the post request?
None for oauth.getRequestToken, oauth.getAccessToken, or oauth.verify. For protected resources like story.digg the story_id parameter should be in the POST data.
> ... what extra request headers are needed in these requests?
OAuth parameters are recommended to be passed in the Authorization header (http://oauth.net/core/1.0a/#auth_header). However you can pass them via POST data or in the query string.
Let me know if this helps!
-jeff
Virtual Sushi
A first problem I encountered is that by default, the signpost lib
executes a GET request when getting the request token. I've modified
the code and added a "method" parameter to some java calls in order to
execute a post request if needed as it is for Digg.
Now, the Digg API returns another error (see below). Could give me an
example of a POST request (in text) that is accepted by the Digg API,
I can easily adapt the Java code in signpost in order to create a
valid request.
My current request is...
POST /1.0/endpoint?method=oauth.getRequestToken&oauth_callback=oob
HTTP/1.1
Authorization: OAuth
oauth_consumer_key="***mykey***",oauth_nonce="1265208946023811000",oauth_timestamp="1265208946",oauth_token="",oauth_signature_method="HMAC-
SHA1",oauth_version="1.0",oauth_signature="***aValidSignature***"
User-Agent: Java/1.5.0_19
Host: services.digg.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
And here is the response...
Cache-control: private
X-RateLimit-Current: 2
X-RateLimit-Max: 1000
X-RateLimit-Reset: 3407
X-Digg-Api-Version: 1.0
Accept-Ranges: bytes
Content-Length: 131
nnCoection: close
Content-Type: text/xml;charset=utf-8
<?xml version="1.0" encoding="UTF-8"?>
<error code="5005" message="Invalid content type for POST request"
timestamp="1265208947"/>
Thanks,
Jef
On Feb 1, 7:27 pm, Jeff Hodsdon <j...@digg.com> wrote:
> Hey Virtual Sushi, You're right we unfortunately don't have muchOAuthspecific documentation. We rely on a lot of already existing rich explanations ofOAuthalready on the web. (e.g.http://hueniverse.com/oauth/) Therefore we focus on documenting ourOAuthspecific implementation details here,http://digg.com/api/docs/authentication.
>
> > Can someone give me some advice on this...
> > ... what Java libs can I use?
>
> A simpleOAuthimplementation in Java is Signpost. http://brainflush.wordpress.com/2009/05/03/introducing-signpost-easy-...
>
> Another ishttp://oauth.googlecode.com/svn/code/java/
>
> > ... how should I sign Digg API requests?
>
> We support HMAC-SHA1.
>
> > ... what extra parameters are needed in the post request?
>
> None foroauth.getRequestToken,oauth.getAccessToken, oroauth.verify. For protected resources like story.digg the story_id parameter should be in the POST data.
>
> > ... what extra request headers are needed in these requests?
>
> OAuthparameters are recommended to be passed in the Authorization header (http://oauth.net/core/1.0a/#auth_header). However you can pass them via POST data or in the query string.
Fernando Pinto
If I'm not mistaken, your request needs to have a content type
defined, as well as a content length, in order to be accepted by the
API, event if you're not transmitting any content (I've had that same
problem myself).
Just add these 2 headers to the request and it should work ;)
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Also, I've noticed that you're passing the oauth_callback as a
parameter in the request URL. I'm not sure if that could cause a
problem, as most OAuth libraries I've seen usually pass that in the
Authorization header, along with the other parameters
Regards
Fernando Pinto
Jeff Hodsdon
The oauth_* parameters should all be in the Authorization header, therefore oauth_callback should be there too. Also I am not sure this will be an issue but sending over a blank oauth_token may cause problems.
-jeff
> --
> You received this message because you are subscribed to the Google Groups "Digg API" group.
> To post to this group, send email to dig...@googlegroups.com.
> To unsubscribe from this group, send email to diggapi+u...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/diggapi?hl=en.
>
Virtual Sushi
Thanks for helping me out here. It's time for a status update:
Things I did since the last message are
* Added Content-Type: application/x-www-form-urlencoded and Content-
Length: 0 to the request header
* Rewritten the Signpost's Sign method for creating the OAuth header
for adding the realm, for adding the callback parameter and for
removing the token parameter.
* Added oauth_callback to the OAuth request header element
* Added a realm to the OAuth request header element
* Removed oauth_token from the OAuth request header element
* Checked that the SignPost lib puts the oauth parameters in
alphabetic order when creating the SignatureBaseString - OK
* Rewritten the Signpost's Sign method for computing the
SignatureBaseString. Once with an empty oauth_token parameter, once
without this parameter.
This resulted in these two possible SignatureBaseStrings
1. POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint&oauth_callback
%3Doob%26oauth_consumer_key%3D***my_key***%26oauth_nonce
%3D1265288685448980000%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1265288685%26oauth_version%3D1.0
2. POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint&oauth_callback
%3Doob%26oauth_consumer_key%3D***my_key***%26oauth_nonce
%3D1265288830965794000%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1265288830%26oauth_token%3D%26oauth_version
%3D1.0
Can you point out which of these two should be used for querying Digg?
Is it correct that the query "?method=oauth.getRequestToken" is not a
part of this SignatureBaseStrings?
When running the code with these changes, I still get an "Invalid
Signature" message. Can you have a look at the request+response
+SignatureBaseStrings? Maybe you have a clue.
Best regards,
Jef
Virtual Sushi
POST /1.0/endpoint?method=oauth.getRequestToken HTTP/1.1
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth realm="http://
services.digg.com/",oauth_consumer_key="***my_key***",oauth_nonce="1265288186834353000",oauth_timestamp="1265288186",oauth_callback="oob",oauth_signature_method="HMAC-
SHA1",oauth_version="1.0",oauth_signature="79xhytrlUcjXm8Maotn7Ei40JlU
%3D"
User-Agent: Java/1.5.0_19
Host: services.digg.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
HTTP/1.1 401 Authorization Required
Date: Thu, 04 Feb 2010 12:56:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-control: private
X-RateLimit-Current: 10
X-RateLimit-Max: 1000
X-RateLimit-Reset: 1103
X-Digg-Api-Version: 1.0
Accept-Ranges: bytes
Content-Length: 111
Keep-Alive: timeout=5, max=10000
Connection: Keep-Alive
Content-Type: text/xml;charset=utf-8
<?xml version="1.0" encoding="UTF-8"?>
<error code="5001" message="Invalid signature" timestamp="1265288191"/
Fernando Pinto
I've tested the signature generator in the PHP library and compared it
with your SignatureBaseStrings.
Here's what you should be getting from your java code:
POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint&method%3Doauth.
getRequestToken%26oauth_callback%3D00b%26oauth_consumer_key
%3D****mykey****%26
oauth_nonce%3De00561f2d16e46d928f3597fb113e705%26oauth_signature_
method%3DHMAC-SHA1%26oauth_timestamp%3D1265291171%26oauth_version
%3D1.0
So It seems to me you really need the method on the signature base
string.
If you want to compare the "correct" signature base string with what
you're getting, as well as the resulting signature, just go to the
SHA1.php file in HTTP/OAuth/Signature, on the PEAR package, and look
for the build function.
If you add
echo $this->getBase($method, $url, $params)."\n\n";
you should see the base string as it should be.
If you add
echo base64_encode(
hash_hmac(
'sha1', $this->getBase($method, $url, $params),
$this->getKey($consumerSecret, $tokenSecret), true
)
)
you should see the signature for the respective base string.
Should you want to test some specific nonce and timestamp combo, just
replace those values in the $params array, and you should be able to
see the respective base string and signature.
With this info, I believe you should be able to at least compare
Signpost's implementation with the official one.
Regards
Fernando Pinto
Virtual Sushi
Thanks for that. I managed to get my SignatureBaseString the same as
yours, there's just a little difference in the length of the NONCE
string but shouldn't be a problem, as long as it's unique, isn't it?
Here is mine followed by yours ...
POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint&method
%3Doauth.getRequestToken%26oauth_callback%3Doob%26oauth_consumer_key
%3D****mykey****%26oauth_nonce
%3D1265367513296855000%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1265367513%26oauth_version%3D1.0
POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint&method
%3Doauth.getRequestToken%26oauth_callback%3D00b%26oauth_consumer_key
%3D****mykey****%26oauth_nonce
%3De00561f2d16e46d928f3597fb113e705%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1265291171%26oauth_version%3D1.0
But this didn't result in a successful token request :-(
Here's the request + response content ...
POST /1.0/endpoint?method=oauth.getRequestToken HTTP/1.1
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth realm="http://
services.digg.com/",oauth_consumer_key="***MyKey***",oauth_nonce="1265367513296855000",oauth_timestamp="1265367513",oauth_callback="oob",oauth_signature_method="HMAC-
SHA1",oauth_version="1.0",oauth_signature="SCdcca5dlGroWzLmWy5DtCSn3QA
%3D"
User-Agent: Java/1.5.0_19
Host: services.digg.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
HTTP/1.1 401 Authorization Required
Date: Fri, 05 Feb 2010 10:59:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-control: private
X-RateLimit-Current: 3
X-RateLimit-Max: 1000
X-RateLimit-Reset: 3354
X-Digg-Api-Version: 1.0
Accept-Ranges: bytes
Content-Length: 111
Keep-Alive: timeout=5, max=10000
Connection: Keep-Alive
Content-Type: text/xml;charset=utf-8
<?xml version="1.0" encoding="UTF-8"?>
<error code="5001" message="Invalid signature" timestamp="1265367571"/
>
Thanks for looking at it.
Best regards,
Jef
Fernando Pinto
I'm not sure If I should ask this, but....
Since the generated signature depends on your consumer key, I cannot
absolutely check if the problem you're having is from the signing
algorithm or another factor (with the key I could cross check it in
the PHP or my .net code by manually replacing the oauth arguments with
the ones specified on your previous message).
Besides suggesting you try a nonce with the exact same length as the
one in the signature base string I provided (in my .net code I also
changed the DotNetOpenAuth library to generate a nonce with a length
of 32 characters), the only way I can further help you is if you
supply all the oauth arguments (including the consumer key), a
signature base string generated with those exact arguments and the
signature, generated for that string, by your java code.
Regards
Fernando Pinto
> ...
>
> read more »
Virtual Sushi
I tried just about everything now going from adding the
method=oauth.getRequestToken as a post parameter while removing it
from the request url to replacing the "%26" sign with a real "&" just
before the oauth_callback%3Doob%26 parameter but none of this seem to
help. I used a nonce parameter of 32 characters long and I'm pretty
sure that my request is fully OAuth compatible.
As long as the Digg api is not better documented on where they do not
follow the default OAuth instructions and as long as there's not more
and better feedback from people working at Digg about these types of
questions, I just drop Digg from my list of Social Networks that are
offered through my services. That's too bad but I just don't have the
time to invest in other people's mistakes.
I must say that I'm really very disappointed in Digg's services.
Best regards,
Jef
> ...
>
> read more »
thai.t...@gmail.com
> ...
>
> read more »
Virtual Sushi
An opensource ShareThis with confirmation feedback.
Cheers,
Jef
On Feb 8, 9:23 am, "thai.t.hu...@gmail.com" <thai.t.hu...@gmail.com>
wrote:
> ...
>
> read more »
thai.t...@gmail.com
jar that I'm happy to share with you. It took me nearly 5 days of work
to get it working after comparing it with the PHP version and patching
up little quirks here and there. Let me know if you run into any
problems. Happy coding!
http://pastie.org/private/nrmniczfat6god4uia0y1g
> ...
>
> read more »
Jeff Hodsdon
The base string should look something like this... (HTTP_METHOD&URL&PARAMS)
POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint%3Fmethod%3Doauth.getRequestToken&oauth_callback%3Doob%26oauth_consumer_key%3Dkey%26oauth_nonce%3Dbfd620bedc5e3d790148dd34079c9273%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1265661406%26oauth_version%3D1.0
The URL part is http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint%3Fmethod%3Doauth.getRequestToken which has the ?method=oauth.getRequestToken. I think maybe the sign request code is striping that out?
I am trying to put together a working java example since you are having such a difficult time with this. Sorry about this!
-jeff
Virtual Sushi
Thanks for the code. I didn't test it yet but I can see from the way
how it is written that it is a solid package.
Thank you.
Best regards,
Jef
On Feb 8, 6:30 pm, "thai.t.hu...@gmail.com" <thai.t.hu...@gmail.com>
wrote:
> ...
>
> read more »
Virtual Sushi
I just implemented and tested your code but I run into a problem when
the retrieveToken method is called from within your DiggOAuthProvider
class. It calls the retrieveToken method in the
CommonsHttpOAuthProvider where an http GET method is issued. The
problem is that Digg is listening for POST methods ({"error":
{"timestamp":1265691890,"message":"Invalid HTTP Method, requires
POST","code":1048}}). Did you extend that commons class somewhere?
Thx,
Jef
> ...
>
> read more »
thai.t...@gmail.com
Sorry about that. I'd hard coded the HttpPost in
CommonsHttpOAuthProvider. Here is the new file for DiggOAuthProvider.
Basically, modified the retrieveToken to use HttpPost vs HttpGet. Let
me know.
http://pastie.org/private/6jhcs9i4ta63mketwmwng
> ...
>
> read more »
thai.t...@gmail.com
to a &. This causes a lot of issues with other api methods. Will post
it once I find a good solution.
On Feb 8, 11:36 pm, "thai.t.hu...@gmail.com" <thai.t.hu...@gmail.com>
wrote:
> ...
>
> read more »
thai.t...@gmail.com
method as well. It's weird how things are signed differently.
http://pastie.org/private/fs9ibnimsf4hrwmxff7q
I've tested this with the two method: bury/digg and it works. Let me
know how it turns out.
On Feb 8, 11:52 pm, "thai.t.hu...@gmail.com" <thai.t.hu...@gmail.com>
wrote:
> ...
>
> read more »