0

signature_invalid with new access token

Using signpost I'm getting an access token and secret using the verifier acquired from the oauth process. I build the yql url and sign the request but I always get the 401 signature_invalid response.

Heres the post

HttpPost request = new HttpPost("http://query.yahooapis.com/v1/yql?q=select%20*%20from%20fantasysports.games%20where%20game_key%3D%22238%22&diagnostics=true");

Heres the auth header that signpost creates when I sign the request.

Authorization: OAuth oauth_token="A%3D6F963Mf5ggSP2X1.SYKe2ATDDmK2HIME1ORo8tSJAg7qEmNe35.uhb6z9ANQB4zWp8EkXPhXoo.e7H
VAQ2vzSUZenWaSQka8FZc7HcXRCEWywrbGaId1i.rUsiVVF3LtcX5m0sRkto_cSS35BNI6RC1b3kiFfkC
LojiSiQGPnfq4UjXJs0ABJ4fry250JJGp1YCorsVUuq7K9p6igspv2KdsO13jSiRG7uOVCxfq0J1p3V_V
GIqOvh4ECZDezTV8rf6A2BLmPOpxuHcxFpLNNkBaP9Nhn3LfIy3Don67pHsVal1lmWdk4W8HNSuABHKBg
5SuEl50kaaGNwI_cg7xdYYurWaimjL.ELbigBji_CUUWXlOkd9VgAQbxT1dJBP72fOOxaqYltPfnZsI5b
4mWnLmj8ujac1iYl4m3cqVUeAwW729ZBnign_t3VxTQd6yk895aKi7rdJb.R1zKLmOcP9nLFgzlOioWZA
1P61dlcwIcr_8yCIt6uNVcHTOzL1508ycWRGeUbW0ITTAN17pR_tu_pkW55u7DWYnyziXMboKYzHK21Az
XqIlqR7eASie4CyTbPi707dnDAeCdqaGNhsvZtr8Xe.nRujoGJZxFifuoRSLibfqAH21ZhBRK9f2vKTUe
up.1T35.URRNUWIWFJF.XppNzqQ12TVsV36c1Lx8qGEfgGgzvw1zrAvE_SwumHiuFRY_7yNFpnyjpCJyv
U9O5rraxopUtgm_nTC_5xQWUI7.nMf3GB6SHNg4ROH8uVO5uNybLf.WbfWwOKvPGFD7aXlTyc3ydvobPu
y1UJWkzYu3Ow_R6LHNMoq_pxl2Sr6.kM-", oauth_verifier="2mdxak", oauth_consumer_key="dj0yJmk9YmF4ak5jNk1DVU1JJmQ9WVdrOVVWaGxVa1ZNTmpJbWNHbzlNVFV4TmpNMU5qWTJNZy0
tJnM9Y29uc3VtZXJzZWNyZXQmeD05Yg--", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1294441654", oauth_nonce="-1729776682669736594", oauth_signature="aD0Aqd5alLJbmr9FpKMXwqbcNk8%3D"

This is the response from the yahoo api.

Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth oauth_problem="signature_invalid", realm="yahooapis.com"}


Can anyone see anything wrong with this? Why can I get the token with no issues but the api query call fails. Is singpost compatible with Yahoo?


thanks
aaron

by
3 Replies
  • I found it was necessary to double-URLEncode the token value. I'm using the Hammock library in C#, and it didn't handle this automatically. Hopefully that helps!
    0
  • If Ben's suggestion doesn't work, do you think you'd be able to post a bit more of the code that you're using (specifically the parts where you set all of the OAuth parameters, presumably into some Signpost object; specifically NOT your Consumer Key or any of your secrets. :D)? The signature stuff is always interesting, even if nice interfaces like Signpost are supposed to abstract most of it away. The part I'm most worried about is that you're including extra query parameters as part of your base URL, and I know those need to be separated when you actually get down to generating the signature, so I'm wondering if Signpost possibly doesn't handle that gracefully.
    0
  • QUOTE (Ben Betz @ Jan 20 2011, 03:21 PM) <{POST_SNAPBACK}>
    I found it was necessary to double-URLEncode the token value. I'm using the Hammock library in C#, and it didn't handle this automatically. Hopefully that helps!


    Hey Ben, I am also using Hammock. I was wondering where and what you are double encoding? I am having issues with my key as well when making API requests. See my latest post from today. Thanks!
    0

Recent Posts

in Fantasy Sports API