0

Yahoo Social Platform - AS3 signature_invalid

Here's my AIR application, I'm having some issues with the any calls after I've successfully received the Access Token. In the doSubmit() function, am I creating the oauth_signature correction? I'm not clear about what I'm doing wrong...

Any help would be greatly appreciated.

CODE
<?xml version="1.0" encoding="utf-8"?>
<mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute"
creationComplete="requestToken();">
<mx:Script>
<![CDATA[

import com.yahoo.social.YahooUser;
import com.yahoo.oauth.OAuthToken;
import com.yahoo.social.events.YahooResultEvent;
import com.yahoo.oauth.OAuthUtil;
import com.yahoo.oauth.OAuthConsumer;
import com.yahoo.oauth.OAuthRequest;
import com.yahoo.social.YahooSession;
import com.yahoo.oauth.OAuthConnection;
public static const CONSUMER_KEY:String = "MY_CONSUMER_KEY";
public static const CONSUMER_SECRET:String = "MY_CONSUMER_SECRET";
public static const APP_ID:String = "MY_APP_ID";

public static const REQ_URL:String = "https://api.login.yahoo.com/oauth/v2/get_request_token";

private var yahooSession:YahooSession;
private var consumer:OAuthConsumer;
private var _token:OAuthToken;
private var _user:YahooUser;

public function requestToken():void {
yahooSession = new YahooSession(CONSUMER_KEY, CONSUMER_SECRET, APP_ID);
consumer = new OAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET);
yahooSession.auth.addEventListener(YahooResultEvent.GET_REQUEST_TOKEN_SUCCESS, handleRequestTokenSuccess);
yahooSession.auth.getRequestToken("oob");
}

private function handleRequestTokenSuccess(event:YahooResultEvent):void
{
// save the request token and use it to send the user to the authorize page
// then after the user has finished, use it again to request an access token.

_token = event.data as OAuthToken;
yahooSession.auth.sendToAuthorization(_token);
}

private function doEnter():void {
// fetch the oauth_verifier. this string may be typed
// into your application by the user or returned via the callback url.
var verifier:String = ti.text;

yahooSession.auth.addEventListener(YahooResultEvent.GET_ACCESS_TOKEN_SUCCESS, handleAccessTokenSuccess);
yahooSession.auth.addEventListener(YahooResultEvent.GET_ACCESS_TOKEN_FAILURE, handleFailure);
yahooSession.auth.getAccessToken(_token, verifier);
}

private function handleAccessTokenSuccess(event:YahooResultEvent):void
{
// save the access token and create a new session.
_token = event.data as OAuthToken;
button.enabled = false;
// set the sessions token.
yahooSession.setAccessToken(_token);
_user = yahooSession.getSessionedUser();
}

private function doSubmit():void {

var args:Object = new Object();
args.format = "xml";
args.oauth_version = "1.0";
var date:Date = new Date();

args.oauth_signature = OAuthUtil.hmac_sha1(CONSUMER_SECRET + "&" + _token.secret, _token.key);
args.oauth_consumer_key = CONSUMER_KEY;
args.oauth_signature_method = "HMAC-SHA1";
args.oauth_timestamp = OAuthUtil.generate_timestamp(date);
args.oauth_nonce = OAuthUtil.generate_nonce(date);
args.realm="yahooapis.com";

var callback:Object = new Object();
callback.success = handleSuccess;
callback.failure = handleFailure;
var connection:OAuthConnection = OAuthConnection.fromConsumerAndToken(consumer, _token);
connection.asyncRequestSigned("GET", urlTI.text, callback, args);

}

private function handleSuccess(response:Object):void
{
trace(response.responseText);
var xml:XML = response.responseXML; // grab the parsed xml object.
resultTA.text = xml.toString();
}

private function handleFailure(response:Object):void
{
trace(response);
}
]]>
</mx:Script>
<mx:HBox width="100%" x="0" height="40">
<mx:Label text="Authorization Code"/>
<mx:TextInput id="ti"/>
<mx:Button label="Submit" click="doEnter()" id="button" />
</mx:HBox>
<mx:HBox width="100%" x="0" y="50" height="40" >
<mx:TextInput width="100%" id="urlTI" text="http://fantasysports.yahooapis.com/fantasy/v2/users;use_login=1" />
<mx:Button label="Submit" click="doSubmit()" />
</mx:HBox>


<mx:TextArea y="100" height="100%" width="100%" id="resultTA" />

</mx:WindowedApplication>

by
1 Reply
  • It looks like, when you're generating the signature, you're just signing the token key? But you really need to be signing the "base string" for the request. This page goes into a little detail about what that means:

    http://developer.yahoo.com/oauth/guide/oauth-signing.html

    And this comment has a PHP code example:

    http://developer.yahoo.net/forum/index.php...ost&p=20142

    Basic flow:

    1) Formulate your oauth params, basically urlencoding all values.
    2) Construct your base string, urlencoding the method, URL, and params (delimited by non-urlencoded '&'s)
    3) Generate the secret, which is the urlencoded consumer secret concatenated with the urlencoded access token secret (delimited by non-urlencoded '&'s)
    4) Generate the signature, which is the base64 encoding of the HMAC-SHA1 hash of the base string by the secret.
    5) Append the params and the urlencoded signature to the request to generate the final request.

    Does that help?
    0

Recent Posts

in Fantasy Sports API