I'm following the OAuth 1.0 Protocol so I can send an Authenticated Request to /oauth/identity Endpoint as in step 5 of the Auth flow.
From the doc, making request involves including several params as you can see here.
What my requests looks like is :
http://api.discogs.com/oauth/identity?
oauth_consumer_key=CONSUMER_KEY&
oauth_nonce=1453720099377&
oauth_signature=CONSUMER_SECRET&ACCESS_TOKEN_SECRET&
oauth_signature_method=PLAINTEXT&
oauth_timestamp=1453720099377&
oauth_token=ACCESS_TOKEN
where ACCESS_TOKEN and ACCESS_TOKEN_SECRET derive from step 4 of the Auth Flow guide and CONSUMER_SECRET and CONSUMER_KEY from my Discogs developer settings.
What my code looks in Java, since this is for an android Discogs client :
public void getIdentity() {
httpClient.addHeader("Content-Type", "application/x-www-form-urlencoded");
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.append("OAuth oauth_consumer_key=\"").append(Constants.CONSUMER_KEY).append("\",");
stringBuilder.append("oauth_nonce=\"").append(String.valueOf(System.currentTimeMillis())).append("\",");
stringBuilder.append("oauth_signature=\"").append(Constants.CONSUMER_SECRET).append(authAccessSecretToken).append("\",");
stringBuilder.append("oauth_signature_method=\"PLAINTEXT\",");
stringBuilder.append("oauth_timestamp=\"").append(String.valueOf(System.currentTimeMillis())).append("\",");
stringBuilder.append("oauth_token=\"").append(authAccessToken).append("\"");
httpClient.addHeader("Authorization", stringBuilder.toString());
httpClient.addHeader("User-Agent", "Discs/1.0 +https://jb.com");
httpClient.get(identityURL, null, new TextHttpResponseHandler() {
@Override
public void onFailure(int i, Header[] headers, String s, Throwable throwable) {
Log.d(TAG, "onFailure IDENTITY " + i + " Throwable = " + throwable);
Log.d(TAG, "onFailure IDENTITY " + s);
}
@Override
public void onSuccess(int i, Header[] headers, String s) {
Log.i(TAG, "onSuccess IDENTITY -- String= " + s);
}
});
}
But what I get is : {"message": "You must authenticate to access this resource."}
Using an OAuth library instead of generating these requests manually will likely save you a headache. more information read https://www.rfc-editor.org/rfc/rfc5849#page-14