{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 再贱就再见 的问题《How can you sign a POST with OAuth1.0a using scala》','https://www.manongdao.com/q-809134.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to implement an LTI Launch Request (http://www.imsglobal.org/LTI/v1p1/ltiIMGv1p1.html) using Scala and Play 2.2.0. It is basically a HTTP POST with form parameters and an OAuth signature.
I can successfully sign the POST but only if the POST body is not added. The 'OAuthCalculator' class doesn't seem to use the POST body when calculating the signature.
This doesn't calculate the correct signature.
val params = Map(
"lti_message_type" -> Seq("basic-lti-launch-request"),
"lti_version" -> Seq("LTI-1p0"),
"launch_presentation_return_url" -> Seq("http://lms.com"),
"resource_link_id" -> Seq("1023"))
WS.url("http://myservice:56024/widget")
.sign(OAuthCalculator(key, RequestToken(null, null)))
.post(params)
It does correctly calculate them if no body is given to the POST.
WS.url("http://myservice:56024/widget")
.sign(OAuthCalculator(key, RequestToken(null, null)))
.post("")
I am purposefully passing an empty request token because I want the calculator to perform OAuth signing only.
Is there another method of adding the POST body or another way to get the library to sign the request?
It does not seem possible for OAuth Signpost to sign POST parameters included in the message body with the standard HTTP request library used in Scala Play 2.0. https://code.google.com/p/oauth-signpost/wiki/GettingStarted#Signing_an_HTTP_message_using_OAuthConsumer see note in section that described why it cannot include the POST message body in the signing.
I worked around this by using the Apache HTTP client to make a synchronous call.