So, I naively switched my endpoint paths to 1.1/ to see if it would work while using the gtm-oauth library, which has been working fine.
It seems to have broken in the switch.
I’ve looked closely at my Authentication headers which — except for oauth_nonce and oauth_signature (and timestamp), are consistent between my app and the OAuth Signing Tool.
It seems to me that either the signing mechanics have altered, or the nonce uniqueness requirements have changed between 1.0 and 1.1.
The error I get back from the service is “Bad Authentication data”,“code”:215" for:
using the following authentication parameters in the request header:
OAuth oauth_consumer_key=“09ARKva0K7HMz1DW1GUg”, oauth_token=“185383-nxvJMkTAvYX14YRdBhEOfOUKYzcA3ZQzLqNVMMt4Nc”, oauth_signature_method=“HMAC-SHA1”, oauth_version=“1.0”, oauth_nonce=“e4ad7f4753c4929”, oauth_timestamp=“1352098450”, oauth_signature=“hA9s%2B%2FnGRUc9OdUNqf5G4cQn5g0%3D”
a few moments later, the OAuth signing tool told me I should be using something like this:
Authorization: OAuth oauth_consumer_key=“09ARKva0K7HMz1DW1GUg”, oauth_nonce=“3a2881b92c790e41cf6e211124f1e099”, oauth_signature=“OlN0h3vPdPih8F%2FQbEDQth5RVZQ%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1352098650”, oauth_token=“185383-nxvJMkTAvYX14YRdBhEOfOUKYzcA3ZQzLqNVMMt4Nc”, oauth_version=“1.0”
Aside from the oauth_timestamp nonce and the signature are the only things that are off. And, if I understand things correctly, nonce should be okay so long as its likely to be unique for awhile. Seems like the signing mechanics are different and I should change how GTM-OAuth signs?
Any suggestions on how to proceed further debugging this?