Back to OAuth General Discussion YDN SDKs Forum
0

Getting oauth_problem=signature_invalid today?

I was testing my app today, starting from scratch with getting the initial authorization. However, Yahoo! is returning an HTTP 401 error with received ASCII data = "oauth_problem=signature_invalid".

The name of this error implies that my data content may be OK, but the my signature was not generated correctly. So I tested my request-generation code using the OAuth tester available from these guys, and it says that my signature is correct. Also, I tried it with an older, release version of my app which of course was tested several months ago and worked. But it does not work any more!

Is everything working OK at Delicious today? (I'm in California).

What are the possible causes of oauth_problem=signature_invalid? According to my notes, the last time I saw this was when I was developing my code, and found that I got this result if the key/value pairs in the request body were not sorted alphabetically by key.

I checked on my YDN account and my app is still there.

I am sending the request to: https://api.login.yahoo.com/oauth/v2/get_request_token#

My request body looks like this:

oauth_callback=bookmacster%3A%2F%2FOAuth&oauth_consumer_key=MYCONSUMERKEY&oauth_nonce=LygXQvPeRCGFHaTRwmoEnw&oauth_signature=q76MsiR7QQujfNCjoO9F4ehwi%2BA%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1284147542&oauth_version=1.0

where MYCONSUMERKEY is 100 ASCII characters.

Where should I look? Is there another test server somewhere I should try?

Thanks,

Jerry Krinock

by
Report Abuse
6 Replies
  • Hi Jerry,

    Can you please provide the complete HTTP request and response headers
    so we can check where it may go wrong? You can leave out the consumer
    secret and token secret.

    If you don't want to share the information publicly, you can send it
    to yuwang AT yahoo-inc.com.

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    Report Abuse
    0
  • I remember reading some months back that Yahoo! promised to improve their developer support. I am definitely impressed.

    Requested data has been sent privately to Yu. Yes, I know that either the consumer key or the consumer secret is supposed to be never published, but I always forget which one, so I keep them both hidden :PThank you!
    Report Abuse
    0
  • Hi Jerry,

    I got your email. Can you please send request to
    "https://api.login.yahoo.com/oauth/v2/get_request_token"?

    There should be no "#" in the URL.

    Thanks,
    Yu Wang
    Report Abuse
    0
  • QUOTE (omiga @ Sep 12 2010, 09:52 AM) <{POST_SNAPBACK}>
    Hi Jerry,

    I got your email. Can you please send request to
    "https://api.login.yahoo.com/oauth/v2/get_request_token"?

    There should be no "#" in the URL.

    Thanks,
    Yu Wang



    Hi omiga

    I am using the yahoo oath library(Yahoo! Social SDK, Objective-C library) for my iphone application specified in the "http://github.com/yahoo/yos-social-objc".

    but still i am getting the same response from the server that is oauth_problem=signature_invalid.

    my request url is "https://api.login.yahoo.com/oauth/v2/get_request_token"

    and request parameters are

    oauth_callback=robo://sample&oauth_timestamp=1284616732&oauth_version=1.0&oauth_consumer_key=dj0yJmk9dXZxVTNYT1J5NmFCJmQ9WVdrOVpUaDZURXcwTTJNbWNHbzlNe
    msyTVRRMk5qSS0mcz1jb25zdW1lcnNlY3JldCZ4PTdl&oauth_signature=NMAI20o8%2FIeDKevjPIKcj4Cy9DY%3D&oauth_nonce=17C1C83E-F615-4ED2-96F0-1F0D964AC3F3&oauth_signature_method=HMAC-SHA1

    Can you please do the needful ?
    Report Abuse
    0
  • Hi Chethan,

    We don't support non-HTTP/HTTPS oauth_callback URLs as per our security
    policy, so you have to use "oauth_callback=oob" and then users have to
    type the authorized request token in your application manually.

    You can also try another workaround:
    http://developer.yahoo.net/forum/index.php...ost&p=18861
    which is not satisfactory either.

    Thanks,
    Yu Wang
    Report Abuse
    0
  • Hi,

    There is an issue in our code that fails to return the correct error
    code if HMAC-SHA1 signature method is used. Before it is fixed, if you
    find the oauth_signature_invalid error, then the actual error may be
    that the oauth_callback URL doesn't confirm to our current security
    policy. Please try with the PLAINTEXT signature and it should throw
    the correct error.

    We'll fix this one in our next available OAuth release.

    Thanks,
    Yu Wang
    Report Abuse
    0
Ask a Question

Recent Posts

in OAuth General Discussion YDN SDKs