
OAuth oauth_problem="signature_invalid" when executing YQL requests with Scribe

Hi,

I am having trouble executing YQL requests using the Scribe Java library. Not sure what I am doing wrong, but the system doesn't seem to like my request. I am able to get the user authorization and do get authdata back in the form X&Y&Z, and I use X as access token and Y as token secret to formulate requests using the Scribe Java API. Please find attached the HTTP request and response; any help would be appreciated.


Thanks,

Z

Request:

GET /v1/yql?q=select+*+from+fantasysports.leagues+where+league_key%3D%27249.l.37334%27 HTTP/1.1
Authorization: OAuth oauth_consumer_key="dj0yJmk9bG9a…….meD0wOA--", oauth_nonce="2d48c42c15614972e99f87bc05d8031e", oauth_signature="48LsFPOtWBmFQGBH%2BS1xxNfhUWw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286314620", oauth_token="A%3DGOuiGX3juBHErfO2ovdbwEaWil1KI6Tq28g0LXtbf9_ONf.a8bV1.UT6YLORc5p3roQ9EFeotR6b4l
t9a7pqHiioQsAby8UyEK5tg4U5TzoJEnPjHyOq7JdV764hFN.Sm2ryb86DxcO6FnHJjPQPKF8NdK8XoFS
Kp5PAm6LvTT1Cqup36aGjpzYo585N3RVRSPkrLIqAjQ.mhVf7mzTpFcIhX0ll.kxSWpDm8Uj6sSfYr3u5
vLntGiR27wxQnS2dz9Mry0aIN9OJANVzTbdVC98wcatLq.JZDVyw9HAiOhc1C8D6qKfn1y8OYZqEK3nCE
JmhO0XrV7Ly.d_UUKHk1g0HU1I25o5Wy6LFUS3Fl21z8bu6fJ1fIrIEC7ABVPktBlpTf1WFl4ryFDt24C
SQMNh_nOQnh3rC6dRhN25VIuUnWeis7ytfW1O5hXN5ZipcfnU6sCT4Pjyov0wg4Y24u7QQ.2.q_7kPvSt
EPONQKGn_Ny5YL0hLx.oENUJFiq.IyjiE29kHVMs6VioIFMECxN3WMIIuLaZ.9VtMAfqUHdLtodJ88nc4
zxTxyjV9kiAMykXVslnqyfw.8VCLb_MKJWPuV_Ii6.FcKolRa52Gm1hcIl4SYiT2OayGaUvkX33DgK2.9
wFogP3VR41xarN5SusvRaO32WoTfkJsaDRxmglz4K6txtn0k_F6", oauth_version="1.0", realm="yahooapis.com"
User-Agent: Java/1.6.0_21
Host: query.yahooapis.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

Response:

HTTP/1.1 401 Authorization Required
Date: Tue, 05 Oct 2010 21:37:01 GMT
WWW-Authenticate: OAuth oauth_problem="signature_invalid", realm="yahooapis.com"
Content-Type: application/xml
Cache-Control: private
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: YTS/1.17.21

16a
<?xml version='1.0' encoding='UTF-8'?>
<yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
xml:lang='en-US'>
<yahoo:description>Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"</yahoo:description>
</yahoo:error>
<!-- yqlengine1.pipes.mud.yahoo.com uncompressed/chunked Tue Oct 5 14:37:01 PDT 2010 -->

0

6 Replies
  • Hrm. That conceptually seems okay. Could you provide any sample code for how you're generating the base string for the signature? The only gotchas that I remember had to do mostly with what values were URL encoded and what order you presented the arguments in.
    0
  • First time poster here...

    I seem to be having a similar problem. I am able to get a token, token secret and the other applicable values (session handle, GUID, etc.) through PLAINTEXT. Once I try to make an API call (which to my understanding is required to be signed using HMAC-SHA1), I am always getting a 401 - Unauthorized response.

    I have read in a few posts that the order of the parameters and which ones are URL encoded is important, but I can't find out what this should be. Does anyone know for sure?

    For reference, here is the request normalized:
    CODE
    GET&http%3a%2f%2ffantasysports.yahooapis.com%2ffantasy%2fv2%2fteam%2f248.l.18532.t.1%2froster
    &oauth_consumer_key%3ddj0yJmk9NjJTSFBuWjZRbW5SJmQ9WVdrOVdWbENSMDUxTmpRbWNHbzlNQS0tJnM9Y29uc3VtZXJzZW
    NyZXQmeD0xNA--
    %26oauth_nonce%3d3998591%26oauth_signature_method%3dHMAC-SHA1%26oauth_timestamp%3d1288020099
    %26oauth_token%3dA%3dNwZqpJf_uAXfzheug.qm2t.gR4pzmwPSVfGFVhUqdYyaSx9LLxqGlsfm7xslyOqx0toqyu5xPAM3h9
    hFK1yFhT9pL_2ZNkMAsH_pRfRrgznU3E6Rmb1CotmqP5lzk0YGqeZiKuyBHUSUXv1muPXFrBp2shlZpU4
    75nyAR9Cy.cqsfv_71sVKBPT7UT8Hv0OcQrsjYQeMhR94Zo2v9HBmdRi28P9O4.kgG.HSfguiwqIiKmMt
    6JMivFIhSGBqna17sWwnPpkUZLV_e8mqDJJroaD3iGX0KcXVrBEMC6GvDVqpgtbf4cFMY92BdKiMLADB2
    OXnr0XbTMiiENp.wfTu9Yy7EkaxVKX60Rilg97ZFDWyGPC1uFUpLHtVI7kDlgzg_c_Pqupc70pycWK4Fn
    nT3Z1v874kjl5M6rx1Fgo0.rRD6oGmNf__aIQG65QbBEkPVoEw9PlGRGghWh8optAwRQ1stmQcxJLbcFl
    LEbDDu_bmskQ_4RVgMnDm9Xk7rEfCCnrbvAGpdtrn.lU_5DKbWZeDc09Ih3QtdCaE_Z_spUWpGiGsZgtb
    FTte9K78_Vc1ijWmNZIusX_XXXGOhFMvy4V1M51Oqg7uRyziBhFsYZvs5u8JzW5h3u_Xz0beMUW2l.VbH
    LPnBArCZ7TlXrnSB9pjcKffyCLIe4n0aGDPsXvmYH6PUZqOCWjmuzw0ih8jFICkmeHep9SGro5i8hnwHU
    9y.ASx6L5Tx4k-%26oauth_version%3d1.0


    And here is the URL I am calling once the signature is produced from the previous normalized URL:
    CODE
    http://fantasysports.yahooapis.com/fantasy/v2/team/248.l.18532.t.1/roster?
    oauth_consumer_key=dj0yJmk9NjJTSFBuWjZRbW5SJmQ9WVdrOVdWbENSMDUxTmpRbWNHbzlNQS0tJ
    nM9Y29uc3VtZXJzZWNyZXQmeD0xNA--&oauth_nonce=4327908&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1288020606&oauth_token=A=Jnasb4fgjz1NAnK9TD047Mr_IMEjUiVrB42UsZFvCeYCwa53vbgHSZzLvO3bOr
    N5GX1sTjHzjGK4JE_XtCoJJsRMKq80OiFybJynzJTQLlKfK8h73JMmZmYeoBEpOUMeZwIVRdsekH2Xhf9
    k8mDEFUeJjozaetsCNc_Pf_vq4QmM_Nskh_bWlMgReT.UQPomWzGlji54wnqqBX7IYipLG0IGx8L.m9og
    IXRCr2J4CyZte2lrElldwLIIVNLY0evLNzakFr2C249EytXEdsi0Qpnz3zEjyQ8nFM3fd1M0ALj8E8M_w
    nQVOiltps5x0rUeTuzUABJMcUGwaJICWUpyLzWcvd5M8ksFv5e6f9oE2pVGEu7m0UelGr6urXNBfeRp.V
    LRSwcrylS_LCbhl56yDPSXJVuhby4dEe52QbpDGd6urDJtShzuxvmxWxjjVGq8yz7RciVOIpQhgqQ.zPV
    LIPodXf2XQJDXWnGdN7IPZS36viShLuSXqFbU0H067bIJQBYC49jMNrPWcAny8n_B6JG525k8oz2zNy.y
    dBtys9cqPpjByTqlCIqXoSCt6SZwKY1SBJROZKfSzT3bo3ccAYk8phs.eHMo88QIuwmLnFkHM_MNXZNvp
    y1rvJckPolyPCz_7YVXTUzW.by.N97ASHhf1x4dyEekHAKMzTsKUY3jXYwE_2MxdIY1o9PibbYkzljQAI
    Jt5hvINxyKHkgMShjwm8MUqzKW0PM-&oauth_version=1.0&oauth_signature=fwucIwhiatKkopV1pSO%2fKirqYlk%3d


    You may notice that in the normalized URL, the token is URL encoded while in the signed call, it is not. I've tried both ways and was still unsuccessful. I hope I'm missing something simple since I'm new to OAuth, but I've tried a number of different things and have had no luck.

    Thanks to anyone who can be of assistance.
    0
  • Oh and I also want to note that I realize the Nonce keys are different in those two examples. I copied and pasted the strings from two different runs of tests.
    0
  • Yup, again, things generally look good with your setup, too, Steve. Maybe easiest would just be for me to post the code that I have that seems to generally work. This is in PHP and was for POST-ing.

    CODE
    // Assumes $url, $consumer_key, $consumer_secret and $response
    // (the parsed access-token response) are already set.
    $oauth_consumer_key = $consumer_key;
    $oauth_nonce = rand( 0, 100000 );
    $oauth_signature_method = 'HMAC-SHA1';
    $oauth_timestamp = time();
    $oauth_version = "1.0";
    $oauth_token = $response['oauth_token'];

    // Parameters in alphabetical order, each value percent-encoded.
    // rawurlencode() gives the RFC 3986 encoding OAuth 1.0 expects
    // (space as %20, '~' left alone, upper-case hex escapes).
    $method = 'POST';
    $params = '';
    $params .= 'oauth_consumer_key=' . rawurlencode($oauth_consumer_key);
    $params .= '&oauth_nonce=' . rawurlencode($oauth_nonce);
    $params .= '&oauth_signature_method=' . rawurlencode($oauth_signature_method);
    $params .= '&oauth_timestamp=' . rawurlencode($oauth_timestamp);
    $params .= '&oauth_token=' . rawurlencode( $oauth_token );
    $params .= '&oauth_version=' . rawurlencode($oauth_version);

    // Base string: METHOD & encoded URL & encoded parameter string.
    $base_string = rawurlencode( $method ) . '&' . rawurlencode( $url ) . '&' .
    rawurlencode( $params );

    print 'Base string: ' . $base_string . "\n";
    // Signing key: encoded consumer secret, '&', encoded token secret.
    $secret = rawurlencode( $consumer_secret ) . '&' . rawurlencode( $response['oauth_token_secret'] );
    $signature = base64_encode( hash_hmac( 'sha1', $base_string, $secret, true ) );

    print 'Signature: ' . $signature . "\n";

    // The signature itself is percent-encoded when appended to the URL.
    $test_url = $url . '?' . $params . '&oauth_signature=' . rawurlencode( $signature );

    print 'Test URL: ' . $test_url . "\n";

    $postdata = '<test>test</test>';

    $ch = curl_init();
    curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Content-type: application/xml' ) );
    curl_setopt( $ch, CURLOPT_POST, 1 );
    curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata );
    curl_setopt( $ch, CURLOPT_URL, $test_url );
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );

    $ycw_result = curl_exec( $ch );
    $ret_code = curl_getinfo( $ch, CURLINFO_HTTP_CODE );

    curl_close( $ch );

    print_r( $ycw_result );
    print 'Return code: ' . $ret_code . "\n";


    Going over the steps, it's basically:

    a) Formulate your oauth params, basically urlencoding all values.
    B)Does that work for you?
    0
  • Thanks again, Sean.

    I took your inputs and saw that our signatures were different. After going through what seemed like each character of the values, I noticed that I was setting the base string with lower case values for the encoded chars ("%3d", "%2f", etc.) where you had upper case values ("%3D", "%2F", etc.). After seeing that and fixing the code, I finally got the same signature.

    I made a call to my football league URL and hockey URL and got back the expected XML. Sweet.

    Thanks for all your help.
    0
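
The cause found in the reply above, shown as an added example (not code from any poster, from Scribe or from Yahoo): an OAuth 1.0 HMAC-SHA1 signature is computed over the exact bytes of the base string, so lower-case hex escapes yield a different signature than the upper-case escapes the server builds. The function names and all sample values (keys, secrets, token, URL) are constructed for illustration.

```python
import base64, hashlib, hmac, re
from urllib.parse import quote

def pct(value):
    # RFC 3986 encoding as OAuth 1.0 requires: only unreserved characters
    # stay literal, and escapes use upper-case hex digits.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Encode each name and value, sort the pairs, join with '&', then
    # encode the joined string once more as the third base-string part.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret):
    # Key is encoded consumer secret, '&', encoded token secret.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def lowercase_escapes(s):
    # Reproduces the mistake from the thread: %3d / %2f instead of %3D / %2F.
    return re.sub(r"%[0-9A-F]{2}", lambda m: m.group(0).lower(), s)

# Constructed sample values; none are real credentials.
PARAMS = {
    "oauth_consumer_key": "example-consumer-key--",
    "oauth_nonce": "3998591",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1288020099",
    "oauth_token": "A=example.token_value-",
    "oauth_version": "1.0",
    # Query parameters are signed too (the YQL request in the question has one).
    "q": "select * from fantasysports.leagues where league_key='249.l.37334'",
}
URL = "http://query.yahooapis.com/v1/yql"

GOOD = base_string("GET", URL, PARAMS)
BAD = lowercase_escapes(GOOD)

if __name__ == "__main__":
    print(GOOD)
    print("upper-case escapes:", sign(GOOD, "consumer-secret", "token-secret"))
    print("lower-case escapes:", sign(BAD, "consumer-secret", "token-secret"))
```

Printing the client's base string next to one built this way and comparing them character by character is the quickest way to locate a `signature_invalid` cause, since the server only reports that the signatures differ.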
  • I am also getting the same error oauth_problem=signature_invalid in query string.

    and

    header format error

    Please provide valid credentials. OAuth oauth_problem="unable_to_determine_oauth_type", realm="yahooapis.com"



    Anyone, please help me.
    0
