Back to OAuth General Discussion YDN SDKs Forum
0

401 - Please provide valid credentials

Hello,

My desktop application successfully completes the oauth flow, sends the user off to authorize my app, gets oauth_token, etc. But when I try to use my token, I get:
<?xml version='1.0' encoding='UTF-8'?>
<yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
xml:lang='en-US'>
<yahoo:description>Please provide valid credentials</yahoo:description>
</yahoo:error>
<!-- ws1.yosprs.sk1.yahoo.com uncompressed/chunked Wed Dec 31 12:00:35 PST 2008 -->


I'm using http://developer.yahoo.com/oauth/guide/oau...ke-request.html as a guideline to form my request, which is to:
http://social.yahooapis.com/v1/user/DAATE7DI5JK2L2ALJ24CPISTSE/presence/presence?oauth_consumer_key=[hiddenForSecurity]&oauth_nonce=AHgSD&oauth_signature=EmELC7weK0xIXCGxRoOXAvOjph0%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230753635&oauth_token=[alsohidden]


The headers contain the authorization like so:
GET / HTTP/1.1
Host: social.yahooapis.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Authorization: OAuth oauth_token="[hidden]" oauth_nonce="gncRL" oauth_timestamp="1230753480" oauth_signature_method="HMAC-SHA1" oauth_consumer_key="[alsohidden]" oauth_signature="omZHio3PQmrD0%2FDxwsOeXScTpnk%3D"


So what am I doing wrong?

by
Report Abuse
26 Replies
  • HI
    Im facing exactly the same problem for a pretty long time and i'm really screwed up..
    Kindly tell me the solution of post a reply here if you have found out the solution
    THanks a lot
    Report Abuse
    0
  • I've worked around this by doing 2 things:
    1. made sure not to double-encode the oauth_token (it has a "=" in it)
    2. didn't send Authorization header

    I don't know why auth and api calls differ, but they appear to.
    Report Abuse
    0
  • These kind of errors are thrown when the token is invalid. Could you make sure that the token is a valid one and single encoded. If you still notice any issues, do let us know.

    Thanks,
    Usha

    Yahoo! OAuth Team
    Report Abuse
    0
  • QUOTE (Hacker2007 @ Jan 9 2009, 11:29 AM) <{POST_SNAPBACK}>
    These kind of errors are thrown when the token is invalid. Could you make sure that the token is a valid one and single encoded. If you still notice any issues, do let us know.

    Thanks,
    Usha

    Yahoo! OAuth Team


    I am having the same problem with HTTP POST and PUT to a resource uri using Auth Header. I used the same routine to encode and sign parameters on the queryString and in the Auth Header. The queryString works fine for HTTP GET, but the auth header one always return error 403. I did notice the "=" in the oauth_token of auth header is encoded to "%3D". Is that a problem?

    All parameter names and values are escaped using the [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) percent-encoding (%xx) mechanism. Characters not in the unreserved character set ([RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 2.3) MUST be encoded. Characters in the unreserved character set MUST NOT be encoded. Hexadecimal characters in encodings MUST be upper case. Text names and values MUST be encoded as UTF-8 octets before percent-encoding them per [RFC3629] (Yergeau, F., “UTF-8, a transformation format of Unicode and ISO 10646,” .).
    Report Abuse
    0
  • QUOTE (CocoBean @ Feb 9 2009, 11:08 AM) <{POST_SNAPBACK}>
    I am having the same problem with HTTP POST and PUT to a resource uri using Auth Header. I used the same routine to encode and sign parameters on the queryString and in the Auth Header. The queryString works fine for HTTP GET, but the auth header one always return error 403. I did notice the "=" in the oauth_token of auth header is encoded to "%3D". Is that a problem?

    All parameter names and values are escaped using the [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) percent-encoding (%xx) mechanism. Characters not in the unreserved character set ([RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 2.3) MUST be encoded. Characters in the unreserved character set MUST NOT be encoded. Hexadecimal characters in encodings MUST be upper case. Text names and values MUST be encoded as UTF-8 octets before percent-encoding them per [RFC3629] (Yergeau, F., “UTF-8, a transformation format of Unicode and ISO 10646,” .).


    The HTTP header follows a different encoding scheme: http://tools.ietf.org/html/rfc2047
    Should the "=" be encoded to "=3D" or "%3D" in the auth header?
    Report Abuse
    0
  • QUOTE (luddite33 @ Dec 31 2008, 12:08 PM) <{POST_SNAPBACK}>
    Hello,

    My desktop application successfully completes the oauth flow, sends the user off to authorize my app, gets oauth_token, etc. But when I try to use my token, I get:
    <?xml version='1.0' encoding='UTF-8'?>
    <yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
    xml:lang='en-US'>
    <yahoo:description>Please provide valid credentials</yahoo:description>
    </yahoo:error>
    <!-- ws1.yosprs.sk1.yahoo.com uncompressed/chunked Wed Dec 31 12:00:35 PST 2008 -->


    I'm using http://developer.yahoo.com/oauth/guide/oau...ke-request.html as a guideline to form my request, which is to:
    http://social.yahooapis.com/v1/user/DAATE7DI5JK2L2ALJ24CPISTSE/presence/presence?oauth_consumer_key=[hiddenForSecurity]&oauth_nonce=AHgSD&oauth_signature=EmELC7weK0xIXCGxRoOXAvOjph0%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230753635&oauth_token=[alsohidden]


    The headers contain the authorization like so:
    GET / HTTP/1.1
    Host: social.yahooapis.com
    User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Authorization: OAuth oauth_token="[hidden]" oauth_nonce="gncRL" oauth_timestamp="1230753480" oauth_signature_method="HMAC-SHA1" oauth_consumer_key="[alsohidden]" oauth_signature="omZHio3PQmrD0%2FDxwsOeXScTpnk%3D"


    So what am I doing wrong?


    add Accept header with the value "*"
    It will work.
    Report Abuse
    0
  • QUOTE (luddite33 @ Dec 31 2008, 12:08 PM) <{POST_SNAPBACK}>
    Hello,

    My desktop application successfully completes the oauth flow, sends the user off to authorize my app, gets oauth_token, etc. But when I try to use my token, I get:
    <?xml version='1.0' encoding='UTF-8'?>
    <yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
    xml:lang='en-US'>
    <yahoo:description>Please provide valid credentials</yahoo:description>
    </yahoo:error>
    <!-- ws1.yosprs.sk1.yahoo.com uncompressed/chunked Wed Dec 31 12:00:35 PST 2008 -->


    I'm using http://developer.yahoo.com/oauth/guide/oau...ke-request.html as a guideline to form my request, which is to:
    http://social.yahooapis.com/v1/user/DAATE7DI5JK2L2ALJ24CPISTSE/presence/presence?oauth_consumer_key=[hiddenForSecurity]&oauth_nonce=AHgSD&oauth_signature=EmELC7weK0xIXCGxRoOXAvOjph0%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230753635&oauth_token=[alsohidden]


    The headers contain the authorization like so:
    GET / HTTP/1.1
    Host: social.yahooapis.com
    User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Authorization: OAuth oauth_token="[hidden]" oauth_nonce="gncRL" oauth_timestamp="1230753480" oauth_signature_method="HMAC-SHA1" oauth_consumer_key="[alsohidden]" oauth_signature="omZHio3PQmrD0%2FDxwsOeXScTpnk%3D"


    So what am I doing wrong?


    The problem is probably due to the oauth_token it contains '%' sign, when you call the api you shouldn't encode it at all so it will look something like oauth_token=A%3D..., just make sure to encode it when you're generating the signature
    Report Abuse
    0
  • I was also experiencing this problem. Got the same reply "Please provide valid credentials" even though i was sure I was constructing the request correctly, because I used the same process for twitter and myspace and it was working for them.

    After about 3 hours of grunting and trying different things, I finally tried unencoding the token at the beginning of my request construction process and it worked.

    Now I think it's because I had saved the token in its encoded form (along with the '%3D' that kept appearing in the front of the string).

    By constructing the baseurl (verb + uri + queryparams) with the unencoded token, I was able to get successful response for an API request.

    Remember that the oauth_token value is encoded twice in the construction process..
    Once when you normalize the params into a query string, then again when you append it together with the Verb and URI to get the baseurl,

    The %3D would have been converted to '%253D', then encoded again into a '%25253D'

    And you would calculate your signature using this, which wouldn't match yahoo's calculation if they started off with a '=' instead of '%3D'

    --
    It must be that on yahoo's end, they store the token unencoded, but we were passed the encoded version. Or when they passed us back the access token in the response to ../get_token, they for some reason needed to encode it?? Which would make sense if it was attached to a callback url (as with the request token), but the access token actually came in the response.content (body) as plain text as far as I can tell.


    Anyway, that's my theory (can anyone at Yahoo help clarify?).
    Thanks.
    Report Abuse
    0
  • I am also having major problems with this 401 signature_invalid response.

    I'm trying to get a list of contacts using http://social.yahooapis.com/v1/user/{xoaut..._guid}/contacts. Everything is fine up until the point of GETting this URI. I get the request token and access token and everything looks like it should according to the documentation. I just can't seem to get it to accept my signature.

    I URL decode everything that comes back so the access token begins with "A=" as it goes into the OAuth code to generate the signature. So i'm pretty sure I don't have a problem with double-encoding or anything like that. In fact, i've tried various encoding combinations (clutching at straws) and I get a "token_rejected" error if it's not encoded properly, so it must be OK!

    I'm using C# but any example of a working call would be amazingly useful at this point. If anyone can verify that the OAuthBase code on oauth.net works that would also help me to eliminate that as a potential problem. I'm even using the OAuthBase UrlEncode method in case the upper/lower case thing really makes a difference. I'm just hitting a brick wall here, I don't know what else to try.

    Please help me before I lose my mind ;-)
    Report Abuse
    0
  • This issue seems to be the most popular issue that every developer will get include me :D(PS, I have changed some charactor of user GUID, consumer key, etc for security reason -,- )
    Report Abuse
    0
  • Hi itsnvthoai,

    I'll be able to start looking into this within the next few days but for the time being I wanted to provide you with some feedback.

    If you are just trying to capture Yahoo! social data, we do support the OpenSocial REST API libraries. There is one available for .NET so that you don't have to go through the headache of authenticating with OAuth (because the OAuth process is not a very pleasant one on any platform). That is available here: http://code.google.com/p/opensocial-net-client/

    You mentioned that we should have a page that is available to display the OAuth process input & output for each stage...well the good news is we already do. This is available at http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html and displays the input and output for each stage of the process. We try to help developers out as much as we can an in my opinion this is one of the better OAuth process flows that I have seen. I brought myself through the OAuth process using this page.

    Hopefully that should get you started in the meantime. Please let me know about your progress if you are working on it in the next few days.

    - Jon
    Report Abuse
    0
  • Hi Jonathan,

    Firstly, thank you very much for your fast response. I did follow the oAuth process page that you gave and successfully passed the get_token, get _access_token steps (step 1 to step 4)

    However, there are many developers here getting stuck at the signing request step: http://developer.yahoo.com/oauth/guide/oau...oauth-sign-hmac

    You know, we got the access_token returned by Yahoo which include a "A%3D" at the begining and it's really confusing us. Honestly, after reading all threads and comments in this box, I still don't know how is the correct value of access_token to use while constructing the signature base text. I tried 2 ways:


    #1: Encode the access_token which was returned by Yahoo:
    A%3DR6Ou7a6eiV07P9mo8gNQZIc89CibahOa.......... to A%253DR6Ou7a6eiV07P9mo8gNQZIc89CibahOa..........
    So the constructed signature base text would be:
    QUOTE
    GET&http%3A%2F%2Fsocial.yahooapis.com%2Fv1%2Fuser%2F2OP4A4V2TPUNHTRPAPCWFHZGGU%2Fcontacts&oauth_consumer_key%3Ddj0yJmk9Tk1lblhyYUVSc01JJmQ9WgyhuWVHNXJaa2xETnpZbWNHbzlNVE0wTkRBNU5UZ3pOZy0tJn
    M9Y29uc3VtZXJzZWNyZXQmeD0xYw--%26oauth_nonce%3Dbff8ef1c176c467eae634d85d68eff09%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1259471650%26oauth_token%3DA%253DR6Ou7a6eiV07P9mo8gNQZIc89CibahOa.....................%26oauth_version%3D1.0


    #2: Keep the original value returned by Yahoo and construct signature base text:
    So the constructed signature base text would be:
    QUOTE
    GET&http%3A%2F%2Fsocial.yahooapis.com%2Fv1%2Fuser%2F2OP4A4V2TPUNHTRPAPCWFHZGGU%2Fcontacts&oauth_consumer_key%3Ddj0yJmk9Tk1lblhyYUVSc01JJmQ9WgyhuWVHNXJaa2xETnpZbWNHbzlNVE0wTkRBNU5UZ3pOZy0tJn
    M9Y29uc3VtZXJzZWNyZXQmeD0xYw--%26oauth_nonce%3Dbff8ef1c176c467eae634d85d68eff09%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1259471650%26oauth_token%3DA%3DR6Ou7a6eiV07P9mo8gNQZIc89CibahOa.....................%26oauth_version%3D1.0


    And no ways works :(
    Report Abuse
    0
  • Thank you all,

    I have solved this issue myselft :DThanks.
    Report Abuse
    0
  • QUOTE (itsnvthoai @ Nov 29 2009, 03:49 AM) <{POST_SNAPBACK}>
    You need to use method #2 of my above post, that means your normalized text should like:


    Sorry, It's method #1. It's my typing mistake :bAnd you need to keep exactly the access token returned by Yahoo (it's include A%3D at the begining) when caling the API request.
    Report Abuse
    1
  • I'm glad you were able to figure it out, and thank you for posting the solution here - I'm sure it will help another developer who comes upon the same problem.

    - Jon
    Report Abuse
    0
  • QUOTE (itsnvthoai @ Nov 29 2009, 03:56 AM) <{POST_SNAPBACK}>
    And you need to keep exactly the access token returned by Yahoo (it's include A%3D at the begining) when caling the API request.


    Hi itsnvthoai,

    Is it possible for you to share the C# code for header construction and then post the request to Yahoo? This would be very helpful for many!!

    Thanks very much in advance.

    Kind regards,
    K
    Report Abuse
    0
  • QUOTE (itsnvthoai @ Nov 29 2009, 03:56 AM) <{POST_SNAPBACK}>
    Sorry, It's method #1. It's my typing mistake :bI see that you dont have signature in the signature base text, you just have signature_type. Are we not suppose to have the signature in the base string?
    Report Abuse
    0
  • QUOTE (Sharanjit @ Feb 12 2010, 09:29 AM) <{POST_SNAPBACK}>
    Hi itsnvthoai,

    I see that you dont have signature in the signature base text, you just have signature_type. Are we not suppose to have the signature in the base string?


    That is correct. You cannot include the signature in the Signature Base String, because you have not generated it yet. You need the Signature Base String to generate the signature.
    Report Abuse
    0
  • Hi Jonnath,

    Please help me in the issue.

    My code looks likes this....I'm gettting ...Please provide valid credentials. OAuth oauth_problem="unable_to_determine_oauth_type",

    System.out.println("url----"+getLoginUrl());
    Map<String, String> accMap = getAccessTokenMap(oauth_token, oauth_validurl);
    System.out.println("Token and Secret----------------------"+accMap.get("oauth_token_secret")+"----------"+accMap.get("oauth_token"));
    String guid = accMap.get("xoauth_yahoo_guid");
    System.out.println("Guid------------------"+guid);
    //String url = "http://social.yahooapis.com/v1/user/"+guid+"/profile?format=json";
    String url = "http://social.yahooapis.com/v1/user/" + guid
    + "/profile?format=xml";


    Map params = new HashMap(accMap);
    params.put("oauth_signature_method", "HMAC-SHA1");
    params.put("oauth_nonce", new Random().nextInt() + "");
    params.put("oauth_timestamp", (int) (System.currentTimeMillis() / 1000)
    + "");
    params.remove("oauth_signature");


    System.out.println("---token "+accMap.get("oauth_token"));
    OAuthParameters oaup = new OAuthParameters();
    oaup.setOAuthCallback(callback);
    oaup.setOAuthConsumerKey(key);
    oaup.setOAuthConsumerSecret(secret);
    oaup.setOAuthNonce(OAuthUtil.getNonce());
    oaup.setOAuthTimestamp(OAuthUtil.getTimestamp());
    oaup.setOAuthToken(accMap.get("oauth_token"));
    oaup.setOAuthTokenSecret(accMap.get("oauth_token_secret"));


    String baseString = OAuthUtil.getSignatureBaseString(url, "GET", oaup.getBaseParameters());

    System.out.println("Base String " + baseString);
    OAuthHmacSha1Signer sgner = new OAuthHmacSha1Signer();
    String signature = (sgner.getSignature(baseString, oaup));

    oaup.setOAuthSignature(signature);
    oaup.setOAuthSignatureMethod("HMAC-SHA1");
    oaup.setRealm("yahooapis.com");

    String p1 = oaup.getBaseParameters().toString().replace("{", "").replace("}","").replace(", ","&");
    String p2 = oaup.getExtraParameters().toString().replace("{", "").replace("}","").replace(", ","&");
    HttpClient client = new HttpClient();


    GetMethod getm = new GetMethod(url.toString());
    String authString = "OAuth \n";
    authString = (authString+p1+p2).replace("=","=\"").replace("&", "\"\n");
    System.out.println(authString);

    getm.addRequestHeader(OAuthParameters.REALM_KEY, oaup.getRealm());

    getm.addRequestHeader("oauth_version", "1.0");
    getm.addRequestHeader(OAuthParameters.OAUTH_SIGNATURE_KEY, oaup.getOAuthSignature());

    client.executeMethod(getm);

    System.out.println(getm.getResponseBodyAsString());

    System.out.println("URL : "+url);


    Looking for your reply.
    Report Abuse
    0
  • Hi
    what my problem here
    OAuth
    oauth_consumer_key="[secret]"
    oauth_nonce="12711321775176"
    oauth_timestamp="1274077787"
    oauth_signature_method="HMAC-SHA1"
    oauth_token="A%3DecdLBbjSvgAgLwl_xtdXGUm8vHi8HqNRpgWsUj_EN9ovwhNyrcUYWtfDufFOPS3Ly4RGh8KU7jpHru
    Pyp7x4YsAVM0qMvqTyHyPYzdZx8cif6qtSw8cAVl1pHFbVZUoyz5aDwFPcrBWROkKuTwOM9EbgCMdM.wC
    LftmRRPT3f6OH5yzMwWKgnKAPqfESVBjyqg5mf0313S7IN9tl5egdPuhvJbqip0ONxTMiCAX0peHXGWis
    dxqFRFZWeeKD.XUYL5i7EGmM7sADpQfLnn0GH3TWfZ6SxsGsazL2IVfZNGJyLtB18b91qsZHZaZ5bvP2i
    F3lNG3MMdJpWkK5WUr3hsQFLqHPhzxSFKGDHYSQbfLvP1Zzpg52C2zP1vRxxbyqyMSwvjfXqCXHV4fJis
    0WuqeC0Co0sadF2LSKOpbpWBEOqqqOCIUqK8Q0a7dBp084.y2.x3yguWkqz.HJ_ibb5pLNbiI3SuupKFT
    pAgiBPEWUNf_jWC6eAXjggvlORq.cSYDwxx1cJ3cfIBqzqJlmLOm7VUZhYVoS8GWHk6DPMoi9.nnOXKcq
    _baqzxxJGC6r_G0ui4Rv9hQCh36TA7dhIXqu68tsGA5w7FkzropkjlRr8eVJA7BLMAx1Sj0icEFB77sae
    8xvNp8pnmUw_iVS_MytRlhPbAlpdU5VUJzdJvIM3BH5wE9fVDFcVSdGSsx44RqnC4_lj7QU8PTHa_vq40
    Y48W_hqh2ioauth_consumer_secret="bbc573bf20068f9fa21ed2b8ddaf2898290c7ea3%26"
    realm="yahooapis.com"
    oauth_token_secret="[secret]"
    oauth_signature="[secret]""
    oauth_callback="http://apps.sutisoft.com/sutitr/
    <?xml version='1.0' encoding='UTF-8'?>
    <yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
    xml:lang='en-US'>
    <yahoo:description>Please provide valid credentials. OAuth oauth_problem="unable_to_determine_oauth_type", realm="yahooapis.com"</yahoo:description>
    </yahoo:error>
    <!-- ws116.socdir.sp2.yahoo.com uncompressed/chunked Sun May 16 23:33:50 PDT 2010 -->

    URL : http://social.yahooapis.com/v1/user/QJDSW7...file?format=xml
    Report Abuse
    0
  • Hi, I went through all the steps in the documentation but can not get what someuseful data, because I do not know how to sign the request. The server alwaysreturns a 401 error. This C # code, tell me what's wrong, I am suffering for five hours. 
            var web = new WebClient();        var timeStamp      = Math.Floor((DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds).ToString();        var nonce        = Guid.NewGuid().ToString("N").Substring(0, 6);        var oauth_token     = ht["oauth_token"];        var oauth_token_secret = ht["oauth_token_secret"];        var url = "http://social.yahooapis.com/v1/user/" + ht["xoauth_yahoo_guid"] + "/profile";        var param =                  "oauth_consumer_key="    + HttpUtility.UrlEncode(consumer_key)  + "&" +                "oauth_nonce="       + HttpUtility.UrlEncode(nonce)     + "&" +                "oauth_signature_method="  + HttpUtility.UrlEncode("HMAC-SHA1")  + "&" +                "oauth_timestamp="     + HttpUtility.UrlEncode(timeStamp)   + "&" +                 "oauth_token="       + HttpUtility.UrlEncode(oauth_token)  + "&" +                "oauth_version="      + HttpUtility.UrlEncode("1.0");         var sig_str = "GET&" + HttpUtility.UrlEncode(url) + "&" + HttpUtility.UrlEncode(param);        var sig_key = HttpUtility.UrlEncode(consumer_secret) + "&" + HttpUtility.UrlEncode(oauth_token_secret);        var hmacsha1    = new HMACSHA1(Encoding.UTF8.GetBytes(sig_key));        var signatureBytes = hmacsha1.ComputeHash(Encoding.UTF8.GetBytes(sig_str));        var sig       = Convert.ToBase64String(signatureBytes);        web.Headers.Add("Content-Type", "application/x-www-form-urlencoded");        res = web.DownloadString(url + "?" + param + "&oauth_signature=" + HttpUtility.UrlEncode(sig));
    Report Abuse
    0
  •                 var web = new WebClient();
                    var timeStamp           = Math.Floor((DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds).ToString();
                    var nonce               = Guid.NewGuid().ToString("N").Substring(0, 6);
                    var oauth_token         = ht["oauth_token"];
                    var oauth_token_secret  = ht["oauth_token_secret"];
                    var url = "http://social.yahooapis.com/v1/user/" + ht["xoauth_yahoo_guid"] + "/profile";

                    var param  =    
                                    "oauth_consumer_key="       + HttpUtility.UrlEncode(consumer_key)   + "&" +
                                    "oauth_nonce="              + HttpUtility.UrlEncode(nonce)          + "&" +
                                    "oauth_signature_method="   + HttpUtility.UrlEncode("HMAC-SHA1")    + "&" +
                                    "oauth_timestamp="          + HttpUtility.UrlEncode(timeStamp)      + "&" + 
                                    "oauth_token="              + HttpUtility.UrlEncode(oauth_token)    + "&" +
                                    "oauth_version="            + HttpUtility.UrlEncode("1.0");

                    var sig_str  = "GET&" + HttpUtility.UrlEncode(url) + "&" + HttpUtility.UrlEncode(param);
                    var sig_key  = HttpUtility.UrlEncode(consumer_secret) + "&" + HttpUtility.UrlEncode(oauth_token_secret);
                    var hmacsha1        = new HMACSHA1(Encoding.UTF8.GetBytes(sig_key));
                    var signatureBytes  = hmacsha1.ComputeHash(Encoding.UTF8.GetBytes(sig_str));
                    var sig             = Convert.ToBase64String(signatureBytes);
                    web.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
                    res = web.DownloadString(url + "?" + param + "&oauth_signature=" + HttpUtility.UrlEncode(sig));
    Report Abuse
    0
  • @Максим: Did you sign up for a new client key and secret?

    The OAuth endpoints for Request Token and Access Token seem to be down.

    That could be the reason why there is a 401 error.

    Existing client keys that have been authorised before seem to work.
    Report Abuse
    0
  • I went through all the steps of:
    1. I registered an application with read contacts.
    2. Then I received a request token. 
    3. Then I got permission from the user and got callback from yahoo 
    4. Here I changed the Request Token for Access Token 
    5. My problem at this point. I need to call yahoo api, signed request. 

    As shown above in my example, I have formed a normalized string as shown in the specification of 9.0-9.2. Then I got his hash consumer_secret + "&" + oauth_token_secret.
    Report Abuse
    0
  • I still can not solve this problem .... 

    QUOTE(Stephen @ 23 May 2012 6:50 PM)
    @Максим: Did you sign up for a new client key and secret?

    The OAuth endpoints for Request Token and Access Token seem to be down.

    That could be the reason why there is a 401 error.

    Existing client keys that have been authorised before seem to work.
    Report Abuse
    0
  • I also got the same problem, yahoo is really poor of documentation. Looks like yahoo really like to keep everything secret until no way to do with their API
    Report Abuse
    0
Ask a Question

Recent Posts

in OAuth General Discussion YDN SDKs