I've an api (running inside a jetty instance) where I personally use two-legged oauth protocol to provide accessibility clients. I authored an easy java client (using oauth-signpost) for connecting towards the api and also the connection is effective.

I must place the api behind an apache http server. The apache http server is set up to forward request to api.

The next works:

(without oauth) Client ---> Apache HTTP Server --> Jetty

(with oauth) Client ---> Jetty

The next does not work:

(with oauth) Client ---> Apache HTTP Server ---> Jetty

I get the following error message

"Invalid signature for signature method HMAC-SHA1"

Has any one of you faced this problem? Can you really sign the request but with no hostname and port?


I'd an identical problem. The issue I discovered could be that the OAuth signature and also the OAuth header block must have the Jetty URL, not the Apache URL.

I needed to modify my code to pass through along two Web addresses. The URL I had been delivering the request to (Apache) and also the Link to the resource around the final system (Jetty URL).