signature_invalid with new access token

Using signpost I'm getting an access token and secret using the verifier acquired from the oauth process. I build the yql url and sign the request but I always get the 401 signature_invalid response.

Heres the post

HttpPost request = new HttpPost("http://query.yahooapis.com/v1/yql?q=select%20*%20from%20fantasysports.games%20where%20game_key%3D%22238%22&diagnostics=true");

Heres the auth header that signpost creates when I sign the request.

Authorization: OAuth oauth_token="A%3D6F963Mf5ggSP2X1.SYKe2ATDDmK2HIME1ORo8tSJAg7qEmNe35.uhb6z9ANQB4zWp8EkXPhXoo.e7H
y1UJWkzYu3Ow_R6LHNMoq_pxl2Sr6.kM-", oauth_verifier="2mdxak", oauth_consumer_key="dj0yJmk9YmF4ak5jNk1DVU1JJmQ9WVdrOVVWaGxVa1ZNTmpJbWNHbzlNVFV4TmpNMU5qWTJNZy0
tJnM9Y29uc3VtZXJzZWNyZXQmeD05Yg--", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1294441654", oauth_nonce="-1729776682669736594", oauth_signature="aD0Aqd5alLJbmr9FpKMXwqbcNk8%3D"

This is the response from the yahoo api.

Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth oauth_problem="signature_invalid", realm="yahooapis.com"}

Can anyone see anything wrong with this? Why can I get the token with no issues but the api query call fails. Is singpost compatible with Yahoo?


3 Replies
  • I found it was necessary to double-URLEncode the token value. I'm using the Hammock library in C#, and it didn't handle this automatically. Hopefully that helps!
  • If Ben's suggestion doesn't work, do you think you'd be able to post a bit more of the code that you're using (specifically the parts where you set all of the OAuth parameters, presumably into some Signpost object; specifically NOT your Consumer Key or any of your secrets. :D)? The signature stuff is always interesting, even if nice interfaces like Signpost are supposed to abstract most of it away. The part I'm most worried about is that you're including extra query parameters as part of your base URL, and I know those need to be separated when you actually get down to generating the signature, so I'm wondering if Signpost possibly doesn't handle that gracefully.
  • QUOTE (Ben Betz @ Jan 20 2011, 03:21 PM) <{POST_SNAPBACK}>
    I found it was necessary to double-URLEncode the token value. I'm using the Hammock library in C#, and it didn't handle this automatically. Hopefully that helps!

    Hey Ben, I am also using Hammock. I was wondering where and what you are double encoding? I am having issues with my key as well when making API requests. See my latest post from today. Thanks!

Recent Posts

in Fantasy Sports API