
Refresh Access Token Call Returns Invalid Signature HMAC-SHA1

Hi,

I constantly get the signature invalid statement when trying to get a new token once an access token expires (I'm using HMAC-SHA1 for signing). Here is an example of what my URL request string looks like ('[]' values replacing actual values):

https://api.login.yahoo.com/oauth/v2/get_token? oauth_consumer_key=[my key value] &oauth_nonce=5431510 &oauth_session_handle=[my session value] &oauth_signature_method=HMAC-SHA1 &oauth_timestamp=1356029929 &oauth_token=A=[expired access token value] &oauth_version=1.0 &oauth_signature=LBn4fyp54DG8Y1aKK%2FEDe%2BQEIvA%3D

The same function is called to get a new access token and it works. It's just that refreshing an expired access token returns an invalid signature.

Am I supposed to have it ordered a specific way? Am I missing a parameter? When doing the signing part, do the parameter key/value pairs need to be URL encoded before signing or after? I have tried all possible solutions for a couple of days, so I would love to hear any suggestions to debug/resolve this issue. Thank you in advance.

Return code:

'Forbidden' with the status code Unauthorized (401). Header is:

Connection: close
Transfer-Encoding: chunked
Cache-Control: private
Content-Type: application/x-www-form-urlencoded
Date: Fri, 21 Dec 2012 18:07:12 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
WWW-Authenticate: OAuth oauth_problem=signature_invalid

2 Replies
  • I've resolved my particular issue with the refresh access token routine.

    My particular problem was because I did not URL encode my key, value pairs of parameters (I did UrlEncode the parameter list when calculating the signature but did not do it when constructing the web request URL).

    Hope this saves others down the road.

    0
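The fix described in the reply above, as an added example that is not code from either poster or from Yahoo: an OAuth 1.0 HMAC-SHA1 signature (RFC 5849) is computed over percent-encoded parameters, and the same values must also be percent-encoded in the request URL, or the receiving side decodes different values and reports `signature_invalid`. The secrets, key, session handle and token value are constructed, and `server_accepts` is a hypothetical stand-in for a verifier, not Yahoo's implementation.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(s):
    # RFC 5849 section 3.6: everything except unreserved characters is %XX-encoded
    return quote(str(s), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    # Signature base string: values are encoded once here, then the whole
    # normalized parameter string is encoded again as the third component.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def build_url(url, params, signature, encode=True):
    # encode=False reproduces the bug from the reply: raw values in the query
    enc = pct if encode else str
    items = list(params.items()) + [("oauth_signature", signature)]
    return url + "?" + "&".join(f"{enc(k)}={enc(v)}" for k, v in items)

def server_accepts(request_url, consumer_secret, token_secret):
    # Stand-in verifier: decode the query, recompute the signature, compare
    parts = urlsplit(request_url)
    received = dict(parse_qsl(parts.query, keep_blank_values=True))
    sent_sig = received.pop("oauth_signature", "")
    endpoint = f"{parts.scheme}://{parts.netloc}{parts.path}"
    expected = sign("GET", endpoint, received, consumer_secret, token_secret)
    return hmac.compare_digest(sent_sig, expected)

# Constructed sample values, not real credentials
URL = "https://api.login.yahoo.com/oauth/v2/get_token"
CONSUMER_SECRET, TOKEN_SECRET = "constructed-consumer-secret", "constructed-token-secret"
PARAMS = {
    "oauth_consumer_key": "constructed-key--",
    "oauth_nonce": "5431510",
    "oauth_session_handle": "constructed.handle_1",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1356029929",
    "oauth_token": "A=abc+def/ghi==",   # '=', '+', '/' are altered if sent raw
    "oauth_version": "1.0",
}
SIG = sign("GET", URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET)

if __name__ == "__main__":
    for encode in (True, False):
        ok = server_accepts(build_url(URL, PARAMS, SIG, encode), CONSUMER_SECRET, TOKEN_SECRET)
        print("encoded" if encode else "raw", "->", "accepted" if ok else "signature_invalid")
```

When debugging a real mismatch, log the signature base string on the client and compare it character by character against the decoded request parameters.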
