problems validating oauth_signature at my canvas URL
I have my YAP's canvas URL pointing to a servlet that authenticates a Yahoo player for my game, logs them in and then loads the game in the canvas. This all works great, but I'm having problems validating the oauth_signature that is passed in with all the other parameters. For reference, I'm getting the following parameters in the call to my canvas URL:
According to the documentation here and here, the signature should be generated by normalizing the request, then hashing that string, signed with my consumer secret and the token secret concatenated with an ampersand. Here's what I'm passing to my HMAC-SHA1 method (which is tested and works with other OAuth applications):
I'm calculating the key correctly (including capitalizing the alpha characters), but the signature I get is different to the signature sent in with the request to the canvas URL.
oauth_signature: 0ejLMvn9sJ3XkBjq5ec/8n2LIfQ= my calculated signature: tjTh2pk0W0ai7TJCoP/XwvexrCM=
I don't see my error, the base string for the signature calculation looks correct to me.
My canvas URL is the following: http://bluetongue.homeip.net:8080/v/yahooAuthenticate?env=yap. I've tried including the "env=yap" parameter both in the URL portion of the baseString, and as one of the parameters, as well as leaving it out entirely, however none of these work. I also have my suspicions that the inclusion of the non-standard HTTP port might be causing the issue.
Is there any way to see exactly how the oauth_token is being calculated on Yahoo's side when the call to my canvas URL is made?