0

Signature Invalid and Token Rejected Errors-Yahoo Oauth Social API using Javascript

Reference: 1) http://developer.yahoo.net/forum/index.php?showtopic=4460
2) http://developer.yahoo.net/forum/index.php?showtopic=3949
3) http://developer.yahoo.net/forum/index.php?showtopic=3686

After referring these many threads also, I was not able to get an accurate/correct/exact answer/solution/fix for the problem which i am also facing.
In those threads they were referring OAuth application in JAVA and Perl languages.But I wanted it working in Javascript. Though I found the sample code from http://oauth.googlecode.com/svn/code/javascript/ - still it was not that much clear to get the contacts of a user from Yahoo Social API. I followed the exact steps of OAuth too. After struggling for one week I am posting this thread out of frustration.I just needed a full fledged working sample or example of Getting contacts from Yahoo using OAuth in JS.Wherever I searched the Signature and Token Issues for Yahoo OAUTH, I was not able to get a complete answer.

Even I tried the simple CURL command to GET/POST a request for Yahoo Social API. There too I was getting the same error,

When I tried with "https://social.yahooapis.com/v1/user/"+guid+"/contacts"; I am getting Connection timed Out or Connection to the host lost.
I am not sure why Yahoo Social API is not returning the exact error response as I got signature_invalid and token_rejected errors for mere API calls.

Is there any solutions or suggestions atleast for gettting it work??

Any help would be greatly appreciated.

Thanks
Test SCF

by
5 Replies
  • I don't think you want to rely on yahoo anymore to solve this issue. Their support sucks and they make big of their social api's. We've posted many weeks ago and they don't bother to answer. We bought a third party product to solve our issues. If you are depending on Yahoo for a business app around their API's, good luck !
    3
  • Finally I have figured out the solution in Javascript only.The signature.html from the sample http://oauth.googlecode.com/svn/code/javas.../signature.html was really helpful to fix this issue.

    The main fix was the Access token send to yahoo which should be decoded correctly in JS which was different from Java.
    I have provided the code snippet here in HTML which you can verify in IE browser(I am not sure why it didn't work in other browsers)
    But any way the main concept of javascript will work fine- I have added a text area to display the contacts in XML format using AJAX.
    Provide the necessary values and check whether the values are coming correctly using the alerts.

    The URL here is to access the Contacts from Yahoo API i.e: http://social.yahooapis.com/v1/user/".../contacts"

    JS Code
    -------------
    <HTML>
    <head>
    <script type="text/javascript" src="http://oauth.googlecode.com/svn/code/javascript/sha1.js"></script>
    <script type="text/javascript" src="http://oauth.googlecode.com/svn/code/javascript/oauth.js"></script>
    </head>
    <script language="javascript">
    var oauth_consumer_key ="<Provide your Consumer Key here>";
    var oauth_token = "<Provide your Access Token here>"; // This should be double decoded- if it stars with A%25%25%3DkLa, it should be A=kLa
    var consumerSecret = "<Provide your Consumer Secret here>";
    var tokenSecret = "<Provide your Token Secret here>";
    var guid = "<Provide your Yahoo GUID here>";
    var timeStamp1 = OAuth.timestamp();
    var nonce1 = OAuth.nonce(11);
    var accessor = { consumerSecret: consumerSecret
    , tokenSecret : tokenSecret};
    var message = { method: "GET"
    , action: "http://social.yahooapis.com/v1/user/"+guid+"/contacts"
    ,parameters:[]
    };
    message.parameters.push(["oauth_version","1.0"]);
    message.parameters.push(["oauth_consumer_key",oauth_consumer_key]);
    message.parameters.push(["oauth_token",oauth_token]);
    message.parameters.push(["oauth_timestamp",timeStamp1]);
    message.parameters.push(["oauth_nonce",nonce1]);
    message.parameters.push(["oauth_signature_method","HMAC-SHA1"]);
    OAuth.SignatureMethod.sign(message, accessor);
    var key = OAuth.percentEncode(consumerSecret) +"&"+OAuth.percentEncode(tokenSecret);
    var signature = b64_hmac_sha1(key,OAuth.SignatureMethod.getBaseString(message));
    alert("Signature: " +signature);
    alert("NormalizedParameters : "+ OAuth.SignatureMethod.normalizeParameters(message.parameters));
    alert("SignatureBaseString : " + OAuth.SignatureMethod.getBaseString(message));
    alert("Signature : " + OAuth.getParameter(message.parameters, "oauth_signature"));
    alert("AuthorizationHeader : " + OAuth.getAuthorizationHeader("http://yahooapis.com/", message.parameters));
    alert("URL : " + "http://social.yahooapis.com/v1/user/"+guid+"/ contacts?"+OAuth.SignatureMethod.normalizeParameters(message.parameters)
    +"&oauth_signature="+OAuth.percentEncode(OAuth.getParameter(message.parameters,'oauth_signature')));
    var url ="http://social.yahooapis.com/v1/user/"+guid+"/contacts?"+OAuth.SignatureMethod.normalizeParameters(message.parameters)
    +"&oauth_signature="+OAuth.percentEncode(OAuth.getParameter(message.parameters,'oauth_signature'));

    xmlhttpPost(url);

    function xmlhttpPost(strURL) {
    var xmlHttpReq = false;
    var self = this;
    // Mozilla/Safari
    if (window.XMLHttpRequest) {
    self.xmlHttpReq = new XMLHttpRequest();
    }
    // IE
    else if (window.ActiveXObject) {
    self.xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP");
    }
    self.xmlHttpReq.open('GET', strURL, true);
    self.xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    self.xmlHttpReq.setRequestHeader('Authorization', 'OAuth');
    self.xmlHttpReq.onreadystatechange = function() {
    if (self.xmlHttpReq.readyState == 4) {
    updatepage(self.xmlHttpReq.responseText);
    }
    }
    self.xmlHttpReq.send();
    }

    function updatepage(str){
    document.getElementById("oauthBox").value += str;
    }
    </script>
    <body>
    <textarea id="oauthBox" rows=20 cols=120></textarea>
    </body>
    </HTML>

    Hope this helps to satisfy the hunger for Yahoo OAuth using Javascript.

    Thanks,
    Test SCF
    0
  • QUOTE (Test @ Feb 17 2010, 07:50 AM) <{POST_SNAPBACK}>
    Finally I have figured out the solution in Javascript only.The signature.html from the sample http://oauth.googlecode.com/svn/code/javas.../signature.html was really helpful to fix this issue.

    The main fix was the Access token send to yahoo which should be decoded correctly in JS which was different from Java.
    I have provided the code snippet here in HTML which you can verify in IE browser(I am not sure why it didn't work in other browsers)
    But any way the main concept of javascript will work fine- I have added a text area to display the contacts in XML format using AJAX.
    Provide the necessary values and check whether the values are coming correctly using the alerts.

    The URL here is to access the Contacts from Yahoo API i.e: http://social.yahooapis.com/v1/user/".../contacts"

    JS Code
    -------------
    <HTML>
    <head>
    <script type="text/javascript" src="http://oauth.googlecode.com/svn/code/javascript/sha1.js"></script>
    <script type="text/javascript" src="http://oauth.googlecode.com/svn/code/javascript/oauth.js"></script>
    </head>
    <script language="javascript">
    var oauth_consumer_key ="<Provide your Consumer Key here>";
    var oauth_token = "<Provide your Access Token here>"; // This should be double decoded- if it stars with A%25%25%3DkLa, it should be A=kLa
    var consumerSecret = "<Provide your Consumer Secret here>";
    var tokenSecret = "<Provide your Token Secret here>";
    var guid = "<Provide your Yahoo GUID here>";
    var timeStamp1 = OAuth.timestamp();
    var nonce1 = OAuth.nonce(11);
    var accessor = { consumerSecret: consumerSecret
    , tokenSecret : tokenSecret};
    var message = { method: "GET"
    , action: "http://social.yahooapis.com/v1/user/"+guid+"/contacts"
    ,parameters:[]
    };
    message.parameters.push(["oauth_version","1.0"]);
    message.parameters.push(["oauth_consumer_key",oauth_consumer_key]);
    message.parameters.push(["oauth_token",oauth_token]);
    message.parameters.push(["oauth_timestamp",timeStamp1]);
    message.parameters.push(["oauth_nonce",nonce1]);
    message.parameters.push(["oauth_signature_method","HMAC-SHA1"]);
    OAuth.SignatureMethod.sign(message, accessor);
    var key = OAuth.percentEncode(consumerSecret) +"&"+OAuth.percentEncode(tokenSecret);
    var signature = b64_hmac_sha1(key,OAuth.SignatureMethod.getBaseString(message));
    alert("Signature: " +signature);
    alert("NormalizedParameters : "+ OAuth.SignatureMethod.normalizeParameters(message.parameters));
    alert("SignatureBaseString : " + OAuth.SignatureMethod.getBaseString(message));
    alert("Signature : " + OAuth.getParameter(message.parameters, "oauth_signature"));
    alert("AuthorizationHeader : " + OAuth.getAuthorizationHeader("http://yahooapis.com/", message.parameters));
    alert("URL : " + "http://social.yahooapis.com/v1/user/"+guid+"/ contacts?"+OAuth.SignatureMethod.normalizeParameters(message.parameters)
    +"&oauth_signature="+OAuth.percentEncode(OAuth.getParameter(message.parameters,'oauth_signature')));
    var url ="http://social.yahooapis.com/v1/user/"+guid+"/contacts?"+OAuth.SignatureMethod.normalizeParameters(message.parameters)
    +"&oauth_signature="+OAuth.percentEncode(OAuth.getParameter(message.parameters,'oauth_signature'));

    xmlhttpPost(url);

    function xmlhttpPost(strURL) {
    var xmlHttpReq = false;
    var self = this;
    // Mozilla/Safari
    if (window.XMLHttpRequest) {
    self.xmlHttpReq = new XMLHttpRequest();
    }
    // IE
    else if (window.ActiveXObject) {
    self.xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP");
    }
    self.xmlHttpReq.open('GET', strURL, true);
    self.xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    self.xmlHttpReq.setRequestHeader('Authorization', 'OAuth');
    self.xmlHttpReq.onreadystatechange = function() {
    if (self.xmlHttpReq.readyState == 4) {
    updatepage(self.xmlHttpReq.responseText);
    }
    }
    self.xmlHttpReq.send();
    }

    function updatepage(str){
    document.getElementById("oauthBox").value += str;
    }
    </script>
    <body>
    <textarea id="oauthBox" rows=20 cols=120></textarea>
    </body>
    </HTML>

    Hope this helps to satisfy the hunger for Yahoo OAuth using Javascript.

    Thanks,
    Test SCF


    Can you please provide you basestring, I am still confused about Oauth_token?
    0
  • Hey i'm getting

    <yahoo:description>Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"</yahoo:description>

    how to resolve this

    QUOTE (Test @ Feb 17 2010, 07:50 AM) <{POST_SNAPBACK}>
    Finally I have figured out the solution in Javascript only.The signature.html from the sample http://oauth.googlecode.com/svn/code/javas.../signature.html was really helpful to fix this issue.

    The main fix was the Access token send to yahoo which should be decoded correctly in JS which was different from Java.
    I have provided the code snippet here in HTML which you can verify in IE browser(I am not sure why it didn't work in other browsers)
    But any way the main concept of javascript will work fine- I have added a text area to display the contacts in XML format using AJAX.
    Provide the necessary values and check whether the values are coming correctly using the alerts.

    The URL here is to access the Contacts from Yahoo API i.e: http://social.yahooapis.com/v1/user/".../contacts"

    JS Code
    -------------
    <HTML>
    <head>
    <script type="text/javascript" src="http://oauth.googlecode.com/svn/code/javascript/sha1.js"></script>
    <script type="text/javascript" src="http://oauth.googlecode.com/svn/code/javascript/oauth.js"></script>
    </head>
    <script language="javascript">
    var oauth_consumer_key ="<Provide your Consumer Key here>";
    var oauth_token = "<Provide your Access Token here>"; // This should be double decoded- if it stars with A%25%25%3DkLa, it should be A=kLa
    var consumerSecret = "<Provide your Consumer Secret here>";
    var tokenSecret = "<Provide your Token Secret here>";
    var guid = "<Provide your Yahoo GUID here>";
    var timeStamp1 = OAuth.timestamp();
    var nonce1 = OAuth.nonce(11);
    var accessor = { consumerSecret: consumerSecret
    , tokenSecret : tokenSecret};
    var message = { method: "GET"
    , action: "http://social.yahooapis.com/v1/user/"+guid+"/contacts"
    ,parameters:[]
    };
    message.parameters.push(["oauth_version","1.0"]);
    message.parameters.push(["oauth_consumer_key",oauth_consumer_key]);
    message.parameters.push(["oauth_token",oauth_token]);
    message.parameters.push(["oauth_timestamp",timeStamp1]);
    message.parameters.push(["oauth_nonce",nonce1]);
    message.parameters.push(["oauth_signature_method","HMAC-SHA1"]);
    OAuth.SignatureMethod.sign(message, accessor);
    var key = OAuth.percentEncode(consumerSecret) +"&"+OAuth.percentEncode(tokenSecret);
    var signature = b64_hmac_sha1(key,OAuth.SignatureMethod.getBaseString(message));
    alert("Signature: " +signature);
    alert("NormalizedParameters : "+ OAuth.SignatureMethod.normalizeParameters(message.parameters));
    alert("SignatureBaseString : " + OAuth.SignatureMethod.getBaseString(message));
    alert("Signature : " + OAuth.getParameter(message.parameters, "oauth_signature"));
    alert("AuthorizationHeader : " + OAuth.getAuthorizationHeader("http://yahooapis.com/", message.parameters));
    alert("URL : " + "http://social.yahooapis.com/v1/user/"+guid+"/ contacts?"+OAuth.SignatureMethod.normalizeParameters(message.parameters)
    +"&oauth_signature="+OAuth.percentEncode(OAuth.getParameter(message.parameters,'oauth_signature')));
    var url ="http://social.yahooapis.com/v1/user/"+guid+"/contacts?"+OAuth.SignatureMethod.normalizeParameters(message.parameters)
    +"&oauth_signature="+OAuth.percentEncode(OAuth.getParameter(message.parameters,'oauth_signature'));

    xmlhttpPost(url);

    function xmlhttpPost(strURL) {
    var xmlHttpReq = false;
    var self = this;
    // Mozilla/Safari
    if (window.XMLHttpRequest) {
    self.xmlHttpReq = new XMLHttpRequest();
    }
    // IE
    else if (window.ActiveXObject) {
    self.xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP");
    }
    self.xmlHttpReq.open('GET', strURL, true);
    self.xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    self.xmlHttpReq.setRequestHeader('Authorization', 'OAuth');
    self.xmlHttpReq.onreadystatechange = function() {
    if (self.xmlHttpReq.readyState == 4) {
    updatepage(self.xmlHttpReq.responseText);
    }
    }
    self.xmlHttpReq.send();
    }

    function updatepage(str){
    document.getElementById("oauthBox").value += str;
    }
    </script>
    <body>
    <textarea id="oauthBox" rows=20 cols=120></textarea>
    </body>
    </HTML>

    Hope this helps to satisfy the hunger for Yahoo OAuth using Javascript.

    Thanks,
    Test SCF
    0
  • Hey i'm getting

    <yahoo:description>Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"</yahoo:description>

    how to resolve this

    QUOTE (Test @ Feb 17 2010, 07:50 AM) <{POST_SNAPBACK}>
    Finally I have figured out the solution in Javascript only.The signature.html from the sample http://oauth.googlecode.com/svn/code/javas.../signature.html was really helpful to fix this issue.

    The main fix was the Access token send to yahoo which should be decoded correctly in JS which was different from Java.
    I have provided the code snippet here in HTML which you can verify in IE browser(I am not sure why it didn't work in other browsers)
    But any way the main concept of javascript will work fine- I have added a text area to display the contacts in XML format using AJAX.
    Provide the necessary values and check whether the values are coming correctly using the alerts.

    The URL here is to access the Contacts from Yahoo API i.e: http://social.yahooapis.com/v1/user/".../contacts"

    JS Code
    -------------
    <HTML>
    <head>
    <script type="text/javascript" src="http://oauth.googlecode.com/svn/code/javascript/sha1.js"></script>
    <script type="text/javascript" src="http://oauth.googlecode.com/svn/code/javascript/oauth.js"></script>
    </head>
    <script language="javascript">
    var oauth_consumer_key ="<Provide your Consumer Key here>";
    var oauth_token = "<Provide your Access Token here>"; // This should be double decoded- if it stars with A%25%25%3DkLa, it should be A=kLa
    var consumerSecret = "<Provide your Consumer Secret here>";
    var tokenSecret = "<Provide your Token Secret here>";
    var guid = "<Provide your Yahoo GUID here>";
    var timeStamp1 = OAuth.timestamp();
    var nonce1 = OAuth.nonce(11);
    var accessor = { consumerSecret: consumerSecret
    , tokenSecret : tokenSecret};
    var message = { method: "GET"
    , action: "http://social.yahooapis.com/v1/user/"+guid+"/contacts"
    ,parameters:[]
    };
    message.parameters.push(["oauth_version","1.0"]);
    message.parameters.push(["oauth_consumer_key",oauth_consumer_key]);
    message.parameters.push(["oauth_token",oauth_token]);
    message.parameters.push(["oauth_timestamp",timeStamp1]);
    message.parameters.push(["oauth_nonce",nonce1]);
    message.parameters.push(["oauth_signature_method","HMAC-SHA1"]);
    OAuth.SignatureMethod.sign(message, accessor);
    var key = OAuth.percentEncode(consumerSecret) +"&"+OAuth.percentEncode(tokenSecret);
    var signature = b64_hmac_sha1(key,OAuth.SignatureMethod.getBaseString(message));
    alert("Signature: " +signature);
    alert("NormalizedParameters : "+ OAuth.SignatureMethod.normalizeParameters(message.parameters));
    alert("SignatureBaseString : " + OAuth.SignatureMethod.getBaseString(message));
    alert("Signature : " + OAuth.getParameter(message.parameters, "oauth_signature"));
    alert("AuthorizationHeader : " + OAuth.getAuthorizationHeader("http://yahooapis.com/", message.parameters));
    alert("URL : " + "http://social.yahooapis.com/v1/user/"+guid+"/ contacts?"+OAuth.SignatureMethod.normalizeParameters(message.parameters)
    +"&oauth_signature="+OAuth.percentEncode(OAuth.getParameter(message.parameters,'oauth_signature')));
    var url ="http://social.yahooapis.com/v1/user/"+guid+"/contacts?"+OAuth.SignatureMethod.normalizeParameters(message.parameters)
    +"&oauth_signature="+OAuth.percentEncode(OAuth.getParameter(message.parameters,'oauth_signature'));

    xmlhttpPost(url);

    function xmlhttpPost(strURL) {
    var xmlHttpReq = false;
    var self = this;
    // Mozilla/Safari
    if (window.XMLHttpRequest) {
    self.xmlHttpReq = new XMLHttpRequest();
    }
    // IE
    else if (window.ActiveXObject) {
    self.xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP");
    }
    self.xmlHttpReq.open('GET', strURL, true);
    self.xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    self.xmlHttpReq.setRequestHeader('Authorization', 'OAuth');
    self.xmlHttpReq.onreadystatechange = function() {
    if (self.xmlHttpReq.readyState == 4) {
    updatepage(self.xmlHttpReq.responseText);
    }
    }
    self.xmlHttpReq.send();
    }

    function updatepage(str){
    document.getElementById("oauthBox").value += str;
    }
    </script>
    <body>
    <textarea id="oauthBox" rows=20 cols=120></textarea>
    </body>
    </HTML>

    Hope this helps to satisfy the hunger for Yahoo OAuth using Javascript.

    Thanks,
    Test SCF
    0

Recent Posts

in Contacts