I have an API (running in a Jetty instance) where I use the two-legged OAuth protocol to give access to the clients. I wrote a simple Java client (using oauth-signpost) to connect to the API, and the connection is successful.

I would like to put the API behind an Apache HTTP Server. The Apache HTTP Server is configured to forward requests to the API.

The following works:

(without oauth) Client ---> Apache HTTP Server --> Jetty

(with oauth) Client ---> Jetty

The following doesn't work:

(with oauth) Client ---> Apache HTTP Server ---> Jetty

I receive the following error message:

"Invalid signature for signature method HMAC-SHA1"

Has any of you faced this issue? Is it possible to sign the request but without the hostname and port?

Thank you.

Zoltan Altfatter

1 Answer

I had a similar problem. The problem I found was that the OAuth signature and the OAuth header block need to have the Jetty URL, not the Apache URL.

I had to modify my code to pass along two URLs. The URL I was sending the request to (Apache) and the URL of the resource on the final system (Jetty URL).

Mark S.
  • How did you pass along the two URLs? Which client oauth library did you use? – Zoltan Altfatter Aug 24 '11 at 08:35
  • I modified the OAuth code my company had to have two URLs sent along internally. One was the actual URL that the request was going to (your Apache URL) and the other was the URL of the resource (your Jetty URL). I no longer have the code (handed it over when I changed jobs). – Mark S. Aug 24 '11 at 14:53
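
Why the extra hop breaks the signature, as an added example that is not part of the original posts and is not oauth-signpost code: the OAuth 1.0 (RFC 5849) HMAC-SHA1 signature base string includes the scheme, host, port and path, so a signature computed for the Apache URL does not verify against the URL Jetty sees. The host names, consumer key, secret and parameter values are constructed, and `sign`, `verify` and `demo` are hypothetical helper names.

```python
import base64, hashlib, hmac
from urllib.parse import quote, urlsplit

def enc(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded
    return quote(str(value), safe="-._~")

def base_string_uri(url):
    # RFC 5849 section 3.4.1.2: lowercase scheme/host, drop default port and query
    u = urlsplit(url)
    scheme, host = u.scheme.lower(), u.hostname.lower()
    if u.port and u.port != {"http": 80, "https": 443}.get(scheme):
        host += ":%d" % u.port
    return "%s://%s%s" % (scheme, host, u.path or "/")

def sign(method, url, params, consumer_secret, token_secret=""):
    # params: request and oauth_* parameters, without oauth_signature
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join("%s=%s" % pair for pair in pairs)
    base = "&".join([method.upper(), enc(base_string_uri(url)), enc(normalized)])
    # Two-legged OAuth has no token, so the token secret half of the key is empty
    key = "%s&%s" % (enc(consumer_secret), enc(token_secret))
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, url_seen_by_server, params, consumer_secret, signature):
    # The server rebuilds the base string from the URL it believes was requested
    expected = sign(method, url_seen_by_server, params, consumer_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample values (hypothetical hosts, key and secret)
APACHE_URL = "http://api.example.com/service/items"
JETTY_URL = "http://localhost:8080/service/items"
SECRET = "constructed-consumer-secret"
PARAMS = {"oauth_consumer_key": "constructed-key", "oauth_nonce": "4572616e48616d6d",
          "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1314174900",
          "oauth_version": "1.0", "page": "1"}

def demo():
    sig_public = sign("GET", APACHE_URL, PARAMS, SECRET)
    sig_backend = sign("GET", JETTY_URL, PARAMS, SECRET)
    return {
        "signed_apache_checked_as_apache": verify("GET", APACHE_URL, PARAMS, SECRET, sig_public),
        "signed_apache_checked_as_jetty": verify("GET", JETTY_URL, PARAMS, SECRET, sig_public),
        "signed_jetty_checked_as_jetty": verify("GET", JETTY_URL, PARAMS, SECRET, sig_backend),
    }

if __name__ == "__main__":
    print(demo())
```

The middle result is the failure from the question; the last one corresponds to the answer's approach of sending the request to Apache while signing with the Jetty URL.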