I've an api (running inside a jetty instance) where I personally use two-legged oauth protocol to provide accessibility clients. I authored an easy java client (using oauth-signpost) for connecting towards the api and also the connection is effective.
I must place the api behind an apache http server. The apache http server is set up to forward request to api.
The next works:
(without oauth) Client ---> Apache HTTP Server --> Jetty
(with oauth) Client ---> Jetty
The next does not work:
(with oauth) Client ---> Apache HTTP Server ---> Jetty
I get the following error message
"Invalid signature for signature method HMAC-SHA1"
Has any one of you faced this problem? Can you really sign the request but with no hostname and port?
I'd an identical problem. The issue I discovered could be that the OAuth signature and also the OAuth header block must have the Jetty URL, not the Apache URL.
I needed to modify my code to pass through along two Web addresses. The URL I had been delivering the request to (Apache) and also the Link to the resource around the final system (Jetty URL).