Ruby on Rails 3.0.6 - Google Docs API OAuth Authentication Problems

SurfingWave · June 28, 2025, 6:38pm

I’m having trouble with OAuth authentication when trying to create documents through Google Docs API in my Rails application. The request just hangs and doesn’t complete.

xml_payload = '<atom:entry xmlns:atom="http://www.w3.org/2005/Atom">
  <atom:category scheme="http://schemas.google.com/g/2005#kind"
                 term="http://schemas.google.com/docs/2007#spreadsheet" />
  <atom:title>Employee Data</atom:title>
</atom:entry>'

base_string = 'POST&http://docs.google.com/feeds/documents/private/full&oauth_consumer_key=CONSUMER_KEY&oauth_nonce=abc123def456&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1234567890&oauth_version=1.0&xoauth_requestor_id=USER_EMAIL'

consumer_secret = 'SECRET_KEY'

signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', consumer_secret, base_string)}"))

request_headers = {
  'Content-Type' => 'application/atom+xml',
  'Authorization' => 'OAuth oauth_consumer_key="CONSUMER_KEY",oauth_nonce="abc123def456",oauth_signature=' + signature + ',oauth_signature_method="HMAC-SHA1",oauth_timestamp="1234567890",oauth_version="1.0"'
}

api_uri = URI.parse 'http://docs.google.com/feeds/documents/private/full?xoauth_requestor_id=USER_EMAIL'
http_client = Net::HTTP.new api_uri.host, api_uri.port
http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
http_client.use_ssl = true
response, result = http_client.post(api_uri.request_uri, xml_payload, request_headers)

Where:

CONSUMER_KEY = OAuth consumer key
USER_EMAIL = target user’s email address
SECRET_KEY = OAuth consumer secret

Any ideas what might be causing this?

Alex_Thunder · July 8, 2025, 9:05am

hey! i think you’re missing the oauth_token in ur base string. even if it’s empty, just add oauth_token=“” to ur auth header. google’s api can be picky about these details.

livbrown · July 8, 2025, 7:15am

Your signature generation is backwards. You’re encoding the base string first, then applying HMAC - flip that around. Apply HMAC to the properly formatted base string, then Base64 encode the result. Also, building the base string manually is asking for trouble since parameter ordering matters for OAuth signatures. I had the same hanging problems until I ditched the manual approach and used the oauth gem instead. It handles signature generation properly. Manual methods usually fail because of tiny encoding or ordering mistakes you can’t easily catch.

alexlee · July 6, 2025, 1:24pm

I’ve encountered this same issue with Google’s OAuth. The problem lies in your base string construction; you need to URL encode the parameters correctly before concatenating them. Moreover, your SSL configuration seems off - setting verify_mode = VERIFY_NONE while using use_ssl = true on an HTTP URI is contradictory. Instead, directly use the HTTPS endpoint and remove the VERIFY_NONE setting. Ensure your timestamp is current, as Google rejects requests with timestamps that deviate significantly from their server time. I resolved my issues with hanging requests by generating a new nonce and timestamp for each request.