401 unauthorized error on callback

[hugofloss]

I'm trying to connect through OAuth, but I'm having some difficulties with that. I have the following method in my controller (of course with a correct callback url):

def evernote_web_auth()
    client = EvernoteOAuth::Client.new
    request_token = client.request_token(oauth_callback: 'my_callback_url')

    request_token
  end

Following with this code to generate the the authorization url: evernote_web_auth().authorize_url. This works, and I can authorize with my sandbox account. After authorizing, I get redirected to the same controller that contains the following code:

request_token = evernote_web_auth()
access_token = request_token.get_access_token(oauth_verifier: params[:oauth_verifier])

This should work (like the guide explained). As you can see, it uses the same method as I used to generate the authorization url to perform .get_access_token on, but this time it results in a 401 - Unauthorized error.

My consumer key and secret are correct because I can generate the authorization url. So, what's wrong with the gem?

[hugofloss]

My request token object:

#<OAuth::RequestToken:0x007fdcb236ddc8 @token="[REDACTED]", @secret="[REDACTED]", @consumer=#<OAuth::Consumer:0x007fdcb22d2c10 @key="[REDACTED]", @secret="[REDACTED]", @options={:signature_method=>"HMAC-SHA1", :request_token_path=>"/oauth", :authorize_path=>"/OAuth.action", :access_token_path=>"/oauth", :proxy=>nil, :scheme=>:header, :http_method=>:post, :oauth_version=>"1.0", :site=>"https://sandbox.evernote.com"}, @http_method=:post, @http=#<Net::HTTP sandbox.evernote.com:443 open=false>>, @params={:oauth_token=>"[REDACTED]", "oauth_token"=>"[REDACTED]", :oauth_token_secret=>"[REDACTED]", "oauth_token_secret"=>"[REDACTED]", :oauth_callback_confirmed=>"true", "oauth_callback_confirmed"=>"true"}>

[jordangraft]

same here. did you figure this out or get the answer from somewhere else?
@jenskanis

[hugofloss]

I fixed this by just using the OAuth gem to connect with Evernote, but I still like to use Evernote to connect.

[magegu]

+1 here, I think the authors assume that you have the SAME request_token instance in your callback than you used to create before you created the authorize URL ... inside this object you find some "token" and "secret" variables that are different for every request_token instance.

I assume we need to store some of the request_token data in the users session. Unfortunaly its not documented which data to store and how to use it in to "recreate" a request token instance ... it is NOT possible to store the whole instance in the session.

[Tumas]

Only the secret variable needs to be stored in session. When you create a new instance of request_token object, reassign the secret variable and you are good to go.

# before authentication
request_token = client.request_token(:oauth_callback => 'YOUR CALLBACK URL')
session[:request_token_secret] = request_token.secret

# after authentication
request_token = client.request_token(:oauth_callback => 'YOUR CALLBACK URL')
request_token.secret = session[:request_token_secret]
request_token.token = params[:oauth_token]

request_token.get_access_token oauth_verifier: params[:oauth_verifier]