module Paypal::Permissions::Oauth

Constants

OAUTH_RESERVED_CHARACTERS

Note: OAuth does not encode '.', but PayPal does.

OAUTH_SIGNATURE_METHOD

Public Instance Methods

generate_signature(token, token_secret, http_method, endpoint) click to toggle source

Create the X-PP-AUTHORIZATION header

# File lib/paypal/permissions/oauth.rb, line 13
def generate_signature(token, token_secret, http_method, endpoint)
  raise "Invalid HTTP Method. Valid values: GET, POST, DELETE, UPDATE." unless ['GET','POST','DELETE','UPDATE'].include? http_method

  timestamp = Time.now.to_i.to_s
  signature_key = "#{@password}&#{oauth_escape(token_secret)}"

  oauth_params = {
    'oauth_consumer_key'      => @userid,
    'oauth_signature_method'  => OAUTH_SIGNATURE_METHOD,
    'oauth_timestamp'         => timestamp,
    'oauth_token'             => token,
    'oauth_version'           => '1.0',
  }

  input_string = "#{http_method}&#{oauth_escape(endpoint)}&"
  input_string += oauth_params.map{ |k,v| "#{k}=#{v}" }.join('&')

  # HMAC SHA1
  digest_key = ::Digest::SHA1.digest(signature_key)
  sha1_hash  = ::OpenSSL::Digest::Digest.new('sha1')
  signature  = ::OpenSSL::HMAC.hexdigest(sha1_hash, digest_key, input_string)

  "timestamp=#{timestamp},token=#{token},signature=#{signature}"
end
oauth_escape(value) click to toggle source
# File lib/paypal/permissions/oauth.rb, line 38
def oauth_escape(value)
  URI::escape(value.to_s, OAUTH_RESERVED_CHARACTERS)
end