Back to OAuth General Discussion YDN SDKs Forum
0

signature_invalid: Getting Contact details from address book

I have done all the Oauth steps needed to get the Access token from the Yahoo. But when I am trying to make yahoo api call to get the contact details, it is giving following error...

<?xml version='1.0' encoding='UTF-8'?>
<yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
xml:lang='en-US'>
<yahoo:description>Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"</yahoo:description>
</yahoo:error>
<!-- ws107.socdir.sg1.yahoo.com uncompressed/chunked Sun Oct 11 11:07:13 PDT 2009 -->
Oct 11, 2009 11:37:17 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
WARNING: Unable to respond to any of these challenges: {oauth=OAuth oauth_problem="signature_invalid", realm="yahooapis.com"}

Commands that I used to call the api is given below:

String address = "http://social.yahooapis.com/v1/user/" + guid + "/contacts" ; // guid is the guid recd. from yahoo

PostMethod getContactMethod = new PostMethod(address);


String header = "OAuth realm=\"yahooapis.com\"," + "oauth_consumer_key=" +"\"" + strOauthConsumerKey +"\"," + "oauth_token=" + "\"" + strOauthToken + "\"," + "oauth_signature_method=\"HMAC-SHA1\"," + "oauth_signature=" + "\"" + signature + "\"," + "oauth_timestamp=" + "\"" + strOauthTimestamp + "\"," + "oauth_nonce=" + "\"" + strOauthNonce + "\"," + "oauth_version=" + "\"" + strOauthVersion + "\"";

/* 'signature' in above statement is calculated using HMAC-sha1 algorithm.. I verified its return value from the example given in yahoo contact documentation... so it cann't be wrong....

Header head = new Header("Authorization", header); // is it a proper way of setting authorization header....
getContactMethod.setRequestHeader(head);

client.executeMethod(getContactMethod); // client is HttpClient instance


Can somebody point out where I am making mistake. I have doubt about setting the authorization header in post request.. Have I done it correctly... Plz respond... I have already wasted a lot of time on this...

by
Report Abuse
19 Replies
  • I have the same problem. I use HMAC-SHA1 method for getting request token and when I use this method for getting contacts list I got error signature invalid. Did you find any solution?
    Report Abuse
    0
  • i too have the same problem. Anyone have any solution please?
    Report Abuse
    0
  • We got oauth successfully with plaintext, failed to get Yahoo contact with plain text, signature method rejected; Used by applying HMAC consumeSecret and concat with "&" + HAMC of tokenSecret. It fails with the message oauth_problem=signature_invalid. Can someone at Yahoo respond with a solution. Our code is in hava.
    Report Abuse
    0
  • It seems that many people have run into the same issues and Yahoo doesn't have the answer for this Is yahoo serious about these forums and resolving this issues that so many people have posted. The only option we have now is to move on with gmail, msn and other email service integrations.
    Report Abuse
    0
  • QUOTE (Satish @ Feb 7 2010, 10:37 AM) <{POST_SNAPBACK}>
    It seems that many people have run into the same issues and Yahoo doesn't have the answer for this Is yahoo serious about these forums and resolving this issues that so many people have posted. The only option we have now is to move on with gmail, msn and other email service integrations.


    Did anyone get "invalid signature" error figured out?
    Report Abuse
    0
  • QUOTE (Sharanjit @ Feb 11 2010, 11:53 AM) <{POST_SNAPBACK}>
    Did anyone get "invalid signature" error figured out?


    Still happens for me with status code 401 and error message: oauth_problem=signature_invalid

    I use http://code.google.com/p/oauth-signpost/ which works for twitter,linkedin, google and myspace:
    CODE
        	OAuthConsumer consumer = new DefaultOAuthConsumer("My OAuth Consumer Key","MY OAuth Consumer Secret");

            OAuthProvider provider = new DefaultOAuthProvider(
                    "https://api.login.yahoo.com/oauth/v2/get_request_token",
                    "https://api.login.yahoo.com/oauth/v2/request_auth",
                    "https://api.login.yahoo.com/oauth/v2/get_token");

            String authUrl = provider.retrieveRequestToken(consumer, OAuth.OUT_OF_BAND);

    Any suggestion?
    Report Abuse
    0
  • i was having the same issue... turns out I was storing my oauth access token as a mysql varchar 255 and apparently the token was being truncated. switched it to a text field and reran the oauth process to get a valid access token and now it works. not sure if this will help the rest of you but I figured I would share just in case...

    good luck.
    -ro60
    Report Abuse
    0
  • QUOTE (robotoverlord @ Feb 23 2010, 05:49 PM) <{POST_SNAPBACK}>
    i was having the same issue... turns out I was storing my oauth access token as a mysql varchar 255 and apparently the token was being truncated. switched it to a text field and reran the oauth process to get a valid access token and now it works. not sure if this will help the rest of you but I figured I would share just in case...


    Thanks for the shared information.

    I didn't go that far. From my previous post, you can see that I failed during first step to get a request token. Following is my debug information:
    CODE
    [SIGNPOST] SBS: GET&https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Fget_request_token&oauth_callback%3Doob%26oauth_consumer_key%DELETED_KEY%26oauth_nonce%3D6239674871164621124%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1267007225%26oauth_version%3D1.0
    [SIGNPOST] signature: kH0jXz2hPgEwL6u8U3/IiLWOnkU=
    [SIGNPOST] Http Response 401 with error message: oauth_problem=signature_invalid
    Report Abuse
    0
  • QUOTE (Guo @ Feb 24 2010, 02:32 AM) <{POST_SNAPBACK}>
    Thanks for the shared information.

    I didn't go that far. From my previous post, you can see that I failed during first step to get a request token. Following is my debug information:
    CODE
    [SIGNPOST] SBS: GET&https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Fget_request_token&oauth_callback%3Doob%26oauth_consumer_key%DELETED_KEY%26oauth_nonce%3D6239674871164621124%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1267007225%26oauth_version%3D1.0
    [SIGNPOST] signature: kH0jXz2hPgEwL6u8U3/IiLWOnkU=
    [SIGNPOST] Http Response 401 with error message: oauth_problem=signature_invalid


    Generating the normalized signature base string is what usually trips people up. I have written a short tutorial to help.
    http://nullinfo.wordpress.com/oauth-yahoo/

    Post your normalized signature base string here and we can try to help you spot the problem. Or you can run the php script getreqtok.php in my oauth-yahoo tutorial and see the actual request and response that's flying by.
    Report Abuse
    0
  • QUOTE (joec @ Feb 24 2010, 12:19 PM) <{POST_SNAPBACK}>
    Post your normalized signature base string here and we can try to help you spot the problem. Or you can run the php script getreqtok.php in my oauth-yahoo tutorial and see the actual request and response that's flying by.


    Thanks Joec. I played your php code and it works for both get and post.

    I managed to reproduce a success/failure case to get request token.

    First start with success case with use get and put all parameter in query string.
    CODE
    https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_callback=oob&oauth_consumer_key=PRIVATE&oauth_nonce=-7082127284588197810&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1267130278&oauth_version=1.0&oauth_signature=zfldZ65FA1H9RQDCZTTB4sU3mwQ=

    It return with expected result:
    oauth_token=h5tbxrr&oauth_token_secret=PRIVATE&oauth_expires_in=3600&xoauth_request_auth_url=https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Frequest_auth%3Foauth_token%3Dh5tbxrr&oauth_callback_confirmed=true



    The failure case is using Authorization header (http://oauth.net/core/1.0/#encoding_parameters) which used by signpost and works for other oauth providers.
    CODE
    URL:
    https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_callback=oob

    Header:
    Authorization: OAuth oauth_consumer_key="PRIVATE", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1267131075", oauth_nonce="3036187053120318961", oauth_signature="ouKINgayoZN%2BYGjwRUKK%2BT0YhMg%3D"


    I verified the my oauth_signature which is identical with your php code when have same input.

    Appreciated if you can confirm the success with Authorization header.
    Report Abuse
    0
  • Add a command sample to test the oauth with header:
    CODE
    curl --header 'Authorization: OAuth oauth_consumer_key="PRIVATE", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1267134026", oauth_nonce="2377469878948407373", oauth_signature="c614jt5cliUxKkCd4D4dXGr5%2BQo%3D"' 'https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_callback=oob'
    Report Abuse
    0
  • QUOTE (Guo @ Feb 25 2010, 01:43 PM) <{POST_SNAPBACK}>
    Add a command sample to test the oauth with header:
    CODE
    curl --header 'Authorization: OAuth oauth_consumer_key="PRIVATE", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1267134026", oauth_nonce="2377469878948407373", oauth_signature="c614jt5cliUxKkCd4D4dXGr5%2BQo%3D"' 'https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_callback=oob'


    Hi, the callcontact.php script shows how to pass OAuth credentials in an HTTP header (look for passOAuthInHeader=true)

    Here is what a working header looks like when I pull that code into getreqtok.php and print it out in debug mode.
    CODE
    Authorization: OAuth realm="yahooapis.com",oauth_version="1.0",oauth_nonce="1634136265",oauth_timestamp="1267228589",oauth_consumer_key="blah--",oauth_callback="http%3A%2F%2Fexample.com%2Fcontact_test",oauth_signature_method="HMAC-SHA1",oauth_signature="rDH1I3AQvBSOgwEd6FoglvH3ipA%3D"
    Report Abuse
    0
  • I think found the problem: yahoo doesn't take the query parameter "oauth_callback=oob" while has Authentication header.

    Success:
    CODE
    curl --header 'Authorization: oauth_consumer_key="dj0yJmk9S3g4TThjaFRoaFVzJmQ9WVdrOVowVndRVnBQTkdjbWNHbzlPVFEzTmpVMU16WXkmcz1j
    b25zdW1lcnNlY3JldCZ4PTEw", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1267354021", oauth_nonce="5829928309594833948", oauth_signature="Cv2RzkffGKSYTjXCXtomeuVQu4s%3D", oauth_callback="oob"' 'https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_callback=oob'


    Failure:
    CODE
    curl --header 'Authorization: oauth_consumer_key="dj0yJmk9S3g4TThjaFRoaFVzJmQ9WVdrOVowVndRVnBQTkdjbWNHbzlPVFEzTmpVMU16WXkmcz1j
    b25zdW1lcnNlY3JldCZ4PTEw", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1267354021", oauth_nonce="5829928309594833948", oauth_signature="Cv2RzkffGKSYTjXCXtomeuVQu4s%3D"' 'https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_callback=oob'


    Thanks for all the assistance for debug and appreciated if it could be fixed.
    Report Abuse
    0
  • QUOTE (Guo @ Feb 28 2010, 03:21 AM) <{POST_SNAPBACK}>
    I think found the problem: yahoo doesn't take the query parameter "oauth_callback=oob" while has Authentication header.

    Success:
    CODE
    curl --header 'Authorization: oauth_consumer_key="dj0yJmk9S3g4TThjaFRoaFVzJmQ9WVdrOVowVndRVnBQTkdjbWNHbzlPVFEzTmpVMU16WXkmcz1j
    b25zdW1lcnNlY3JldCZ4PTEw", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1267354021", oauth_nonce="5829928309594833948", oauth_signature="Cv2RzkffGKSYTjXCXtomeuVQu4s%3D", oauth_callback="oob"' 'https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_callback=oob'


    Failure:
    CODE
    curl --header 'Authorization: oauth_consumer_key="dj0yJmk9S3g4TThjaFRoaFVzJmQ9WVdrOVowVndRVnBQTkdjbWNHbzlPVFEzTmpVMU16WXkmcz1j
    b25zdW1lcnNlY3JldCZ4PTEw", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1267354021", oauth_nonce="5829928309594833948", oauth_signature="Cv2RzkffGKSYTjXCXtomeuVQu4s%3D"' 'https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_callback=oob'


    Thanks for all the assistance for debug and appreciated if it could be fixed.


    Hi. It works for me if I pass oauth_callback="oob" in the Authorization: header. However, I do not include some oauth paramters in the header and some in the URL query parameter. This is an either or thing. Either you pass all oauth parameters in the header, or you pass them in the POST body, or you pass them in the GET url.
    Report Abuse
    0
  • I reported on signpost list http://groups.google.com/group/signpost-us...b4718fc543a9619.

    Other hand, hope yahoo could give better error message when this happens.

    Thanks joec for the support!

    -Guo
    Report Abuse
    0
  • i am also facing same error invalid signature.
    But Yahoo does not rectify this error other ways give proper error message.


    Thanks
    Report Abuse
    0
  • hi all,

    I am facing problem in getting my yahoo user id  using yahoo api.

    If anybody knows " How to get current logined user id of yahoo user "\

    please share your answer.


    Thanks 

    Report Abuse
    0
  • I use signpost 1.2.1.2, but still met the invalid signature error every time. Is the problem really solved?


    QUOTE(Reddyvenkata @ 19 Jul 2012 6:17 AM)
    i am also facing same error invalid signature.
    But Yahoo does not rectify this error other ways give proper error message.


    Thanks
    Report Abuse
    0
  • I am able to authenticate through oauth to yahoo account, but the problem is I am only able to fetch yahoo contacts even I have facebook contacts inside yahoo contacts too. What could be the possible reason behind this ?? Any help will be highly appreciated
    Report Abuse
    0
Ask a Question

Recent Posts

in OAuth General Discussion YDN SDKs