
Signature generation fail - invalid signature error

In my Magento-based website I need to implement login with Yahoo. The first 5 steps from the guide are OK using PLAINTEXT signature generation.

https://developer.yahoo.com/oauth/guide/oauth-refreshaccesstoken.html

So currently all of this works OK: I'm receiving the "Access Token" and the secret part of it.

The last step ("Using OAuth in Yahoo API Requests"), getting profile info, doesn't work with the PLAINTEXT signature method, so I had to implement HMAC-SHA1 generation. But every single try failed. I've implemented the signature generation step by step following the manuals from oauth.net, but nothing helps. Googling the problem of generating a proper signature failed too.

So the code:

         $url    = str_replace('{guid}',$params['xoauth_yahoo_guid'],self::URL_REQUEST_USER_DATA);
         $key    = $consumer_secret.'&'.$params['oauth_token_secret'];
         $oauth_nonce       = Mage::helper('ajaxlogin/yahoo')->getOauthNonce();//getting nonce

         /*
          *  1. create "Signature Base String"
         */
         $signature_params  = 'oauth_consumer_key='.urlencode($consumer_key).'&';
         $signature_params .= 'oauth_nonce='.$oauth_nonce.'&';
         $signature_params .= 'oauth_signature_method=HMAC-SHA1'.'&';
         $signature_params .= 'oauth_timestamp='.time().'&';
         $signature_params .= 'oauth_token='.urlencode($params['oauth_token']).'&';
         $signature_params .= 'oauth_version=1.0';

         $signature_base_string ='GET&'.urlencode($url).'&'.urlencode($signature_params);
         $oauth_signature = base64_encode(hash_hmac('sha1', $signature_base_string, $key,true));

        /*
          *  2.  create Authorize HEADER string
         */
         $header_params  = array(
             'oauth_consumer_key'     => $consumer_key,
             'oauth_nonce'            => $oauth_nonce,
             'oauth_signature_method' => 'HMAC-SHA1',
             'oauth_timestamp'        => time(),
             'oauth_token'            => $params['oauth_token'],
             'oauth_version'          =>'1.0',
             'oauth_signature'        =>$oauth_signature
         );
         $auth_params = '';
         foreach($header_params as $key=>$value){
             $auth_params .= $key.'="'.urlencode($value).'",';
         }
         $auth_params = substr($auth_params,0,strlen($auth_params)-1);//remove last  `,` symbol


        /*
          * 3. send request
         */
         $ch = curl_init();
         curl_setopt($ch, CURLOPT_URL,$url);
         curl_setopt($ch, CURLOPT_HTTPHEADER,array('Authorization: OAuth '.$auth_params));
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
         $response = curl_exec ($ch);
         curl_close ($ch);

Variables dump:

// and finally we got this one (and it's wrong, damn):
$oauth_signature = 'aaCKgUFPJInfzTQka+l7hXlt6GI=';

This returns an error: Please provide valid credentials. OAuth oauth_problem=OST_OAUTH_SIGNATURE_INVALID_ERROR

What am I doing wrong? I've tried to implement OAuth just by the RFC and the oauth.net documentation, but that doesn't work.

Thanks for advice, Stanislav.

1 Reply
  • Variables dump:

    URL:
    https://social.yahooapis.com/v1/user/24QA3JORTG2FYKAFC4QFMKT5GE/profile
    
    
    Signature Base String:
    
    GET&https%3A%2F%2Fsocial.yahooapis.com%2Fv1%2Fuser%2F24QA3JORTG2FYKAFC4QFMKT5GE%2Fprofile&oauth_consumer_key%3Ddj0yJmk9ak1lcERaUnNER0ZhJmQ9WVdrOVkzUndiMDVLTXpRbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1hMA--%26oauth_nonce%3Dib8MgeY8zSP4QhOlivzI%2FA1g2CgxDo2RjwdeTwJPg4kSTVVbmwBnNQ%3D%3D%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1408464098%26oauth_token%3DA%25253DS7xsVWbjmDo.KH.eIw84OC6Co6iMrphfYonW4UZvXgvHsQMMZvS6SK6fQiUs7_WaEvt7GwbPSUM8Q0IJ_cuDFIIiaBPGgXMfwBGkyxctbnfrbLdEWpL.V.sO7HQr5ZbZvxTrqG_J31t2Tp79EZlp7zfizuREHRmls9LYgsbH6QcABF.RQgKLLDX.OhZ2FNUMm83QdKgQiqus9pfEcadwiJCryzztHyZ6vbA5_PvR_XqejMBJo3OC54pi4jRNurP0o6D9D42Wp9b5VNHHCsR3.CgE_czSbjCcIQyndMfg.0DxnXq0RmDB3kxKAwTfD.I8TEU7Z01h49SBYdZWy8leBa0hHOhRd0RSlkEeSWLcNmGvRP_bgNpiNcAoOhh7mEIP2z2Nkn_toMdj5kEGOVcvOPdVnIAotucNiaMvc5e_oUxQFyHfWtY3nVQxZoX4cKYewx8SRB93KtUXn467EwpnQmbb2uhrYkibK1kUisxwBQa7zRvLBxDYVF9LzZ_bnCzGEy32._iaQrosMzUejQv0FeukXMpMCKuYBw3lB2J6d8V2gHPnl5d8fB.iMo7DnzAiSMRI4LOcc0ubJrffl.ixIQ.fQVOXVIGwwCX8sGKKkdZClTOf9N4jG2bAxmpSYsXJJQArViFu4SbPVPs5LXgP.8LEycOpSxWV558Rf_tE3tdlpLVqUJIW1tUgsDTFNUzEqmoKgO5t4PWMZ_thLtpsvrducOtR7r6D1NejpOaeVthCJWZL2LVlZYF2g_j4XH2R8Kcu9g.LgVtB9KgrwVNDIhtJTJ3hUlotZmS3EVeblaNylpyoqG8hUbqnEGa0QZw-%26oauth_version%3D1.0
    
    
    Auth Header line:
    
    oauth_consumer_key="dj0yJmk9ak1lcERaUnNER0ZhJmQ9WVdrOVkzUndiMDVLTXpRbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1hMA--",oauth_nonce="ib8MgeY8zSP4QhOlivzI%2FA1g2CgxDo2RjwdeTwJPg4kSTVVbmwBnNQ%3D%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1408464101",oauth_token="A%253DS7xsVWbjmDo.KH.eIw84OC6Co6iMrphfYonW4UZvXgvHsQMMZvS6SK6fQiUs7_WaEvt7GwbPSUM8Q0IJ_cuDFIIiaBPGgXMfwBGkyxctbnfrbLdEWpL.V.sO7HQr5ZbZvxTrqG_J31t2Tp79EZlp7zfizuREHRmls9LYgsbH6QcABF.RQgKLLDX.OhZ2FNUMm83QdKgQiqus9pfEcadwiJCryzztHyZ6vbA5_PvR_XqejMBJo3OC54pi4jRNurP0o6D9D42Wp9b5VNHHCsR3.CgE_czSbjCcIQyndMfg.0DxnXq0RmDB3kxKAwTfD.I8TEU7Z01h49SBYdZWy8leBa0hHOhRd0RSlkEeSWLcNmGvRP_bgNpiNcAoOhh7mEIP2z2Nkn_toMdj5kEGOVcvOPdVnIAotucNiaMvc5e_oUxQFyHfWtY3nVQxZoX4cKYewx8SRB93KtUXn467EwpnQmbb2uhrYkibK1kUisxwBQa7zRvLBxDYVF9LzZ_bnCzGEy32._iaQrosMzUejQv0FeukXMpMCKuYBw3lB2J6d8V2gHPnl5d8fB.iMo7DnzAiSMRI4LOcc0ubJrffl.ixIQ.fQVOXVIGwwCX8sGKKkdZClTOf9N4jG2bAxmpSYsXJJQArViFu4SbPVPs5LXgP.8LEycOpSxWV558Rf_tE3tdlpLVqUJIW1tUgsDTFNUzEqmoKgO5t4PWMZ_thLtpsvrducOtR7r6D1NejpOaeVthCJWZL2LVlZYF2g_j4XH2R8Kcu9g.LgVtB9KgrwVNDIhtJTJ3hUlotZmS3EVeblaNylpyoqG8hUbqnEGa0QZw-",oauth_version="1.0",oauth_signature="aaCKgUFPJInfzTQka%2Bl7hXlt6GI%3D"
    
    
    // and finally we got this one (and it's wrong, damn):
    $oauth_signature = 'aaCKgUFPJInfzTQka+l7hXlt6GI=';
    
    1
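
An added example, not part of the original thread or of Yahoo's documentation: one way to build the HMAC-SHA1 signature base string and Authorization header per RFC 5849, encoding every parameter with `rawurlencode` before it enters the base string and reusing a single nonce and timestamp for both the signature and the header (in the dump above the base string carries `oauth_timestamp` 1408464098 while the header carries 1408464101). The function name `oauth1_header`, the URL and all credentials are constructed for illustration; the sketch assumes a URL without a query string and unique parameter names.

```php
<?php
// Added example, not the poster's code. All credentials below are constructed.

/** Build an OAuth 1.0 HMAC-SHA1 Authorization header (RFC 5849, section 3.4). */
function oauth1_header($method, $url, array $oauth, $consumerSecret, $tokenSecret)
{
    // Percent-encode every name and value (RFC 3986), then sort by encoded name.
    $pairs = array();
    foreach ($oauth as $name => $value) {
        $pairs[rawurlencode($name)] = rawurlencode($value);
    }
    ksort($pairs, SORT_STRING);

    $normalized = array();
    foreach ($pairs as $name => $value) {
        $normalized[] = $name . '=' . $value;
    }

    // Base string: METHOD & enc(url) & enc(normalized parameters).
    // Values with reserved characters therefore end up encoded twice here.
    $base = strtoupper($method) . '&' . rawurlencode($url) . '&'
          . rawurlencode(implode('&', $normalized));

    // Signing key: enc(consumer secret) & enc(token secret).
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    $oauth['oauth_signature'] = base64_encode(hash_hmac('sha1', $base, $key, true));

    // The header reuses the exact values that were signed, each encoded once.
    $parts = array();
    foreach ($oauth as $name => $value) {
        $parts[] = rawurlencode($name) . '="' . rawurlencode($value) . '"';
    }
    return array('base' => $base, 'header' => 'Authorization: OAuth ' . implode(',', $parts));
}

// Constructed sample input. A token received form-encoded ("A%3D...") is decoded first.
$oauth = array(
    'oauth_consumer_key'     => 'example-consumer-key',
    'oauth_nonce'            => 'abc/def==',            // contains reserved characters
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string) time(),        // read the clock once
    'oauth_token'            => rawurldecode('A%3Dexample-token'),
    'oauth_version'          => '1.0',
);
$result = oauth1_header('GET', 'https://api.example.test/v1/user/GUID/profile',
                        $oauth, 'example-consumer-secret', 'example-token-secret');
echo $result['base'], "\n", $result['header'], "\n";
```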
