How do I make the Netflix OAuth API use my callback?

Question

I have a simple Rails application with which I am trying to use the Netflix API to gain access to some of my subscriber information, such as my history and queue. My problem is that no matter what I do, Netflix will not use my oauth_callback url, but instead forwards me to the Netflix site after I authorize the application with my user credentials.

Here is the controller code which is making the request to the Netflix API

class ExportController < ApplicationController

  def export
    consumer = OAuth::Consumer.new( ENV['NETFLIX_KEY'],ENV['NETFLIX_SECRET'],
      :site => "http://api.netflix.com",
      :request_token_url => "http://api.netflix.com/oauth/request_token",
      :access_token_url => "http://api.netflix.com/oauth/access_token", 
      :authorize_url => "https://api-user.netflix.com/oauth/login" )
    request_token = consumer.get_request_token
    session[:request_token]=request_token
    session[:request_token_secret]=request_token.secret
    url = request_token.authorize_url( :oauth_callback => "http://#{ENV['OAUTH_CALLBACK_DOMAIN']}/export_callback/", :oauth_consumer_key => ENV['NETFLIX_KEY'],
      :application_name => ENV['APPLICATION_NAME'] )
    redirect_to url
  end

  def export_callback
    @request_token=OAuth::RequestToken.new(session[:request_token],session[:request_token_secret]) 
    @access_token = @request_token.get_access_token(:oauth_verifier => params[:oauth_verifier])
  end
end

The controller correctly redirects to https://api-user.netflix.com/oauth/login site, with all the parameters correctly set. I get the Netflix Login/Authorize app page.

However, if I look at the source of this page, I see in the form that the oauth_callback field is set to oob

      <input type="hidden" name="oauth_callback" value="oob"/>

I've checked several different ways, and I am setting the oauth_callback parameter just the same as the Netflix Authentication Walkthrough. In fact, when I go through the walkthrough and put in my callback url in their field, it does in fact redirect back to my rails application.

So, my question, does anyone know how to make Netflix respect my oauth_callback field?

edit:

https://api-user.netflix.com/oauth/login?oauth_callback=http%3A%2F%2Fnetflix.dev%2Fexport_callback%2F&oauth_consumer_key=[REMOVED]&oauth_nonce=631831&oauth_timestamp=1321458391&application_name=[REMOVED]&oauth_token=[REMOVED]

You can see oauth_callback=http%3A%2F%2Fnetflix.dev%2Fexport_callback%2F being set, which is the route to my local rails app.

edit2:

I am using the oauth (0.4.5) and rails (3.1.0) and ruby-1.9.2-p290 [ x86_64 ] on Mac OS X 10.6.8.

Answer 1

The oob that is in the form probably refers to "out of bounds". The problem is with:

request_token = consumer.get_request_token

Netflix makes you pass in the callback url when you get the request token, and verifies the url in the login page. In your case, if you change it to:

request_token = consumer.get_request_token( 
          :oauth_callback => 
             "http://#{ENV['OAUTH_CALLBACK_DOMAIN']}/export_callback/" )

Everything should work from that point on, and the form will get this value. I tested out your code, and got the same oob and then added the change, and it gave the correct value in the form.