Back to OAuth General Discussion YDN SDKs Forum
0

get_request_token results in consumer_key_rejected

Hi!

I've looked through all the docs and this forum, but couldn't find an answer to the following problem:

I've registered an application to use the OAuth authentication and have successfully obtained the needed auth data (actually, 3 distinct times).
Now I try to start OAuth process, but get_request_token returns: WWW-Authenticate: OAuth oauth_problem=consumer_key_rejected

I did a lot of experiments from both the authorized domain and a test server, with different request methods, keys etc. They indicate, that the signature is correctly verified and the key is recognized (if I provide other keys, I get key_unknown), so I can't find any cause for this problem, neither a solution.

My request looks like this:
GET /oauth/v2/get_request_token?oauth_signature=<signature>&oauth_consumer_key=<consumer_key>&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1256667658&oauth_nonce=287057418&oauth_version=1.0 HTTP/1.1

And in return I get:
HTTP/1.1 401 Authorization Required
Date: Tue, 27 Oct 2009 18:24:09 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
WWW-Authenticate: OAuth oauth_problem=consumer_key_rejected
Connection: close
Transfer-Encoding: chunked
Content-Type: application/x-www-form-urlencoded

Can anyone explain to me, what am I doing wrong?

by
Report Abuse
9 Replies
  • QUOTE (vseloved @ Oct 27 2009, 10:33 AM) <{POST_SNAPBACK}>
    Hi!

    I've looked through all the docs and this forum, but couldn't find an answer to the following problem:

    I've registered an application to use the OAuth authentication and have successfully obtained the needed auth data (actually, 3 distinct times).
    Now I try to start OAuth process, but get_request_token returns: WWW-Authenticate: OAuth oauth_problem=consumer_key_rejected

    I did a lot of experiments from both the authorized domain and a test server, with different request methods, keys etc. They indicate, that the signature is correctly verified and the key is recognized (if I provide other keys, I get key_unknown), so I can't find any cause for this problem, neither a solution.

    My request looks like this:
    GET /oauth/v2/get_request_token?oauth_signature=<signature>&oauth_consumer_key=<consumer_key>&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1256667658&oauth_nonce=287057418&oauth_version=1.0 HTTP/1.1

    And in return I get:
    HTTP/1.1 401 Authorization Required
    Date: Tue, 27 Oct 2009 18:24:09 GMT
    P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
    WWW-Authenticate: OAuth oauth_problem=consumer_key_rejected
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: application/x-www-form-urlencoded

    Can anyone explain to me, what am I doing wrong?


    Can you verify your consumer key from the developer dashboard: http://developer.yahoo.com/dashboard. Can you provide the complete http request/response with headers?
    Report Abuse
    0
  • Dustin, thanks for the reply!

    QUOTE (Dustin Whittle @ Nov 1 2009, 01:30 PM) <{POST_SNAPBACK}>
    Can you verify your consumer key from the developer dashboard: http://developer.yahoo.com/dashboard. Can you provide the complete http request/response with headers?


    Yes I have verified it (the details are here: https://developer.apps.yahoo.com/dashboard/...ml?key=xbgafc6e Don't know, if you can access them).

    The complete exchange is below. (Is it ok to post your API key in public forum? I mean, will I need to create new key after this post?)

    GET /oauth/v2/get_request_token?oauth_signature=3LqNmvmbuc3JqWnlsZci6FwHAhI%3D&oauth_consumer_key=dj0yJmk9M3d1TU9HNWtLTUpBJmQ9WVdrOWVHSm5ZV1pqTm1VbWNHbzlNV
    EUyTlRVME1UTTImcz1jb25zdW1lcnNlY3JldCZ4PTdi&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1257145626&oauth_nonce=68196963&oauth_version=1.0 HTTP/1.1
    Host: api.login.yahoo.com
    User-Agent: Drakma/0.11.5 (SBCL 1.0.20; Linux; 2.6.18-5-686; http://weitz.de/drakma/)
    Accept: */*
    Connection: close

    HTTP/1.1 401 Authorization Required
    Date: Mon, 02 Nov 2009 07:11:20 GMT
    P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
    WWW-Authenticate: OAuth oauth_problem=consumer_key_rejected
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: application/x-www-form-urlencoded

    PS. Forgot to write in the previous post, that I've tried both GET and POST requests (just for GET it's easier to see the parameters)
    Report Abuse
    0
  • Is this problem solved? I am also getting the same issue when implementing in java. I have used google oauth library in this process. The same code was working prefect some months ago, but suddenly the authentication broken.
    The error code is "com.google.gdata.client.authn.oauth.OAuthException: UnAuthorized"
    "Server returned HTTP response code: 401 for URL: api.login.yahoo.com/oauth/v2/get_request_token?oauth_nonce=11610121305949&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=<key>&oauth_timestamp=1261991188&oauth_signature=brrdXVsemUIxgLAVq6p5vwoXIbs%3D"

    - Thanks
    Report Abuse
    0
  • QUOTE (Dustin Whittle @ Nov 1 2009, 01:30 PM) <{POST_SNAPBACK}>
    Can you verify your consumer key from the developer dashboard: http://developer.yahoo.com/dashboard. Can you provide the complete http request/response with headers?


    After i create ymail oauth key/secret, need i wait couple of Hours or days?
    Help me.
    Report Abuse
    0
  • QUOTE (besso @ Oct 31 2010, 06:02 PM) <{POST_SNAPBACK}>
    After i create ymail oauth key/secret, need i wait couple of Hours or days?
    Help me.


    Hi there. I'm going through the same problem here. Anybody has this working?
    Report Abuse
    0
  • QUOTE (danielweinmann@... @ Feb 6 2011, 10:58 AM) <{POST_SNAPBACK}>
    Hi there. I'm going through the same problem here. Anybody has this working?


    Same here - seeing exactly the same issue. Can someone from Yahoo chime in?
    Report Abuse
    0
  • Yahoo!'s consumer key and secret change as you change the scope of the requested API. When you create a new application, you need to pick which APIs you are going to use. If you pick nothing, you will get this error code when trying to get a request token. However, after picking some APIs, Yahoo will issue you a *new* consumer key and secret (this is unlike any other OAuth provider). You must update your application to the new credentials and try again.
    Report Abuse
    0
  • QUOTE (theRazorBlade @ Feb 27 2011, 04:05 PM) <{POST_SNAPBACK}>
    Yahoo!'s consumer key and secret change as you change the scope of the requested API. When you create a new application, you need to pick which APIs you are going to use. If you pick nothing, you will get this error code when trying to get a request token. However, after picking some APIs, Yahoo will issue you a *new* consumer key and secret (this is unlike any other OAuth provider). You must update your application to the new credentials and try again.


    This worked for me. When you first make your project, I think it doesn't maintain the application scopes. I went back and had to reselect the scope and then use the different key and secret...
    Report Abuse
    0
  • thank you matt, i know
    Report Abuse
    0
Ask a Question

Recent Posts

in OAuth General Discussion YDN SDKs