We're getting a Oauth1.0 signature mismatch, seemingly due to our production box sitting behind a reverse proxy.
Our entire codebase works (signature matches) on our beta box at (http://beta.mainwebsite.com), but fails at (https://www.mainwebsite.com).
It seems like the reason is that our external client signs using our host URI which is slightly differently from our internal URI (I suspect they sign the external https and we try to verify using the internal http addr).
Any thoughts on how to fix this? I figured a dirty approach would be to change the request URI somewhere in the OAuth, but I'm really trying to refrain from such unportable approach.
We're running the standard OAuth gem for ruby.
We ended up going with changing the setting at our nginx proxy level to properly forward the request protocol.
See this answer for more details: Oauth provider behind reverse proxy