I'm testing out RoR by building a Rails app with Pocket API, and I have to authorize the user. For HTTP requests, I'm using https://github.com/rest-client/rest-client library.
The first step, obtaining a request token works fine:
require 'rest_client'
response = RestClient.post 'https://getpocket.com/v3/oauth/request', :consumer_key => @consumer_key, :redirect_uri => @redirect_uri
@code = response.split("=")[1]
But I get a Bad Request error on the second step, which is to get an access token using the request token received on the step above:
access_token = RestClient.post 'https://getpocket.com/v3/oauth/authorize', :consumer_key => @consumer_key, :code => @code
400 Bad Request is what I get on Ruby application error screen. I have also tried the same request with cURL and POSTMan Chrome extension, and the status code I get then is: 403 Forbidden. X-Error Code I get is 158 which translates to X-Error message "User rejects code." on Pocket API docs: http://getpocket.com/developer/docs/authentication.
Since I have tried several different channels to test this request and failed each time, I'm guessing that the problem is not with parsing, but rather I might be missing an important detail or a step (maybe HTTP request headers?). Thanks for your help in advance!
Turns out that I (or we) have been missing an important detail:
Whenever testing out your request for Pocket API in POSTMan or anywhere else, we naturally skip the process of visiting the authorization URL which is in the form of:
https://getpocket.com/auth/authorize?request_token=YOUR_REQUEST_TOKEN&redirect_uri=YOUR_REDIRECT_URI
Now, even though you might have allowed your app to access your account before, on each call, Pocket API doesn't activate a request token before this URL is visited. Only then your request token becomes activated and can be used for 2nd authentication step. It works fine after doing that.
As a side note to anyone who is using Pocket API in Ruby on Rails, there is a nice wrapper gem for it: https://github.com/turadg/pocket-ruby