0

I am trying to use auth.getMobileSession method to authenticate user to my last.fm application that is built using last.fm REST api.

Last.fm says that for mobile applications we need to send AuthToken 

authToken (Required) : A 32-byte ASCII hexadecimal MD5 hash of the last.fm username and       the user's password hash. i.e. md5(username + md5(password)), where '+' represents a concatenation. The username supplied should match the string used to generate the authToken.

This is what I am trying to do in ruby:

password = Digest::MD5.hexdigest("my_password")
auth_token = Digest::MD5.hexdigest("#{user_name}#{password}")
url_with_params = URI.parse("#{url}?method=auth.getmobilesession&api_key=#{api_key}&username=#{user_name}&authtoken=#{auth_token}&api_sig=#{api_sig}&format=json")
resp = Net::HTTP.get_response(url_with_params)
puts JSON.parse(resp.body)

The output that I am getting is:

{"error"=>4, "message"=>"Invalid authentication token. Please check username/password supplied"}

Can anybody tell me what is it that I am doing wrong ?

nightf0x
  • 1,969
  • 3
  • 17
  • 24

1 Answers1

1

I've actually done this, let me grab my code for you.

token = Digest::MD5.hexdigest("#{params[:lfmuser]}#{params[:pass]}") ## given md5 hashed password
#token = Digest::MD5.hexdigest("#{params[:lfmuser]}#{Digest::MD5.hexdigest(params[:pass])}") ## given plaintext password

## api_sig is all calls to the api put in alphabetical order, then the apisecret stuck on the end, then md5 hash it all.
apisig = Digest::MD5.hexdigest("api_key#{@bot.config['lastfm.api_key']}authToken#{token}methodauth.getmobilesessionusername#{params[:lfmuser]}#{@bot.config['lastfm.secret']}")
opts = {:cache => false}
xml = @bot.httputil.get_response("#{lastfm_api_url}method=auth.getmobilesession&username=#{CGI.escape params[:lfmuser]}&authToken=#{token}&api_sig=#{apisig}", opts)
response = Document.new xml.body
unless response
  m.reply "could not parse xml from last.fm - omg"
  return
end
if xml.class == Net::HTTPBadRequest
  m.reply "error from last.fm: #{response.root.elements["error"].text}"
  return
end
## skey is used to do things that need authorization on last.fm, store this however you want
skey = response.root.elements[1].elements["key"].text

this is the basic of what you need to do.

Rob
  • 2,779
  • 5
  • 23
  • 34