0

[Need Help!] I can open the session by HMAC-SHA1 method with the correct signature, but I can't do the same with others APIs (signature_invalid)

I am in the same boat with Ali Veli. I don't know why the hmac-sha1 signature works on the requesting session ID step, but it doesn't work with the next steps (I've already re-generate the HMAC-SHA1 signature using the same way as I generate at the requesting seesion ID step)

PS . I can't call /v1/session/keepalive?sid=msgrsessionid¬ifyServerToken=1, the sever throw "signature_invalid" 

Please help! 

----- Original message from Ali Veli ----

I receive "signature_invalid" response when I try to get session information after successfully creating the Yahoo! Messenger session.

The signature method is "HMAC-SHA1" which works perfect on the previous steps (token receiving, refreshing the token, logging-in, obtain the crumb).

What could be the problem?
When I change the signature method to "PLAINTEXT" everything is OK.


Wireshark outputs of the 2 subsequent requests.

YAHOO! DOCUMENTATION:
http://developer.yahoo.com/messenger/guide/ch02s03.html#apisessionmanagement


---CREATE SESSION---

    POST /v1/session HTTP/1.1
    Authorization: OAuth realm="yahooapis.com", oauth_consumer_key="dj0yJmk9YzRBTXdhYTVsT091JmQ9WVdrOU4ydGtaVXBZTnpBbWNHbzlNVFkwTXpJMk9UWXkmcz1jb25zdW1lcnNlY3JldCZ4PWJm", oauth_nonce="8320658", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1317125087", oauth_token="A%3DfGcrDz_JmA8g.BKAfclmFHpxQNyl0P9sSfg90XJ8HRQz4m2wd624hc1._U7_1A5vnSibCpxyqPBAKWwo63HdfdB_HLC8e6cfql1BWfK5GfZaee8L6gwcMOHJAJ4lGkpuXby5xb0bXMWmIfLQ7UJSUI5MElgCjB2zUb2MZHhadRjF2Y4b2CtQAY2M9idf8_qq6j6DOIFhDrAWrq.wA0oSQjRLS4HQRPFGQTEtpopoCo7_HBb..cL67pIXIWGRGGmuXSJ3CUdQgX_U5.cYGTyVlcTrEhNO8sJBoQNXz2k3H29NJVQU.a0trwgPfJ5d4snJFxz_BJHgjp87BYpox0YvaTPOZEgODptrRH8SIOAn7B5GHtfpDzQ0kRoPwoHz5Zl5G59.rgfvV2vExNUIxcISGURXR9qklRPH1b4YiXNHrQu3f6FyULbWYzrYs4G2g8A57zVpvwXAJ71A0W43AzI4b7OcfeFrUP8AhPIw9JmebZEkrhBd7vd7nqeV3Wt9_dQjqnCstJ_Vqnwv.ABGPPX8WHTTyeoUzuZBPeOGTq2tFSwVWZ9tZb8LnG5Po8RO3CU2vM5RuaJ99eHEDm9XK_adCccQpHn3FFZo0rbr3Duj4D1oHmlI_RAxljpICFbQ9hqbTCLCfKsSsGUSCWZWeGBCwZQ8TnUhaAfBFGDV1bZZ_j0OPvar.wUmKojvha1kNqQV2Act.9NYiUCfrxNJWSLr06NXLsTf1z31sQjJxLigNQEFM9MjqrkiTe7uvaxqtTgv48ySykI8iYra", oauth_version="1.0", oauth_signature="MEtO%2Fh4U52Ltsjywo%2FmpLtXALpg%3D"
    Content-Type: application/json;charset=utf-8
    User-Agent: YahooMessenger/1.0 (Messenger; 1.0.0.1)
    Host: developer.messenger.yahooapis.com
    Content-Length: 19
    Expect: 100-continue
    
    HTTP/1.1 100 Continue
    
    {"presenceState":0}
    HTTP/1.1 200 OK
    Date: Tue, 27 Sep 2011 12:04:58 GMT
    P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
    cache-control: public,must-revalidate
    content-length: 267
    content-type: application/json;charset=utf-8
    Vary: Accept-Encoding
    Connection: close
    
    {"sessionId":"FpmvPAHs3BuB6PPQyDYZMZgeQw8YsqlJxItX","primaryLoginId":"myyahooid","displayInfo":{"avatarPreference":"0"},"server":"rcore2.messenger.yahooapis.com","notifyServer":"rproxy2.messenger.yahooapis.com","constants":{"presenceSubscriptionsMaxPerRequest":500}}

---GET THE SESSION INFORMATION---

    GET /v1/session?sid=FpmvPAHs3BuB6PPQyDYZMZgeQw8YsqlJxItX HTTP/1.1
    Authorization: OAuth realm="yahooapis.com", oauth_consumer_key="dj0yJmk9YzRBTXdhYTVsT091JmQ9WVdrOU4ydGtaVXBZTnpBbWNHbzlNVFkwTXpJMk9UWXkmcz1jb25zdW1lcnNlY3JldCZ4PWJm", oauth_nonce="223427", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1317125098", oauth_token="A%3DfGcrDz_JmA8g.BKAfclmFHpxQNyl0P9sSfg90XJ8HRQz4m2wd624hc1._U7_1A5vnSibCpxyqPBAKWwo63HdfdB_HLC8e6cfql1BWfK5GfZaee8L6gwcMOHJAJ4lGkpuXby5xb0bXMWmIfLQ7UJSUI5MElgCjB2zUb2MZHhadRjF2Y4b2CtQAY2M9idf8_qq6j6DOIFhDrAWrq.wA0oSQjRLS4HQRPFGQTEtpopoCo7_HBb..cL67pIXIWGRGGmuXSJ3CUdQgX_U5.cYGTyVlcTrEhNO8sJBoQNXz2k3H29NJVQU.a0trwgPfJ5d4snJFxz_BJHgjp87BYpox0YvaTPOZEgODptrRH8SIOAn7B5GHtfpDzQ0kRoPwoHz5Zl5G59.rgfvV2vExNUIxcISGURXR9qklRPH1b4YiXNHrQu3f6FyULbWYzrYs4G2g8A57zVpvwXAJ71A0W43AzI4b7OcfeFrUP8AhPIw9JmebZEkrhBd7vd7nqeV3Wt9_dQjqnCstJ_Vqnwv.ABGPPX8WHTTyeoUzuZBPeOGTq2tFSwVWZ9tZb8LnG5Po8RO3CU2vM5RuaJ99eHEDm9XK_adCccQpHn3FFZo0rbr3Duj4D1oHmlI_RAxljpICFbQ9hqbTCLCfKsSsGUSCWZWeGBCwZQ8TnUhaAfBFGDV1bZZ_j0OPvar.wUmKojvha1kNqQV2Act.9NYiUCfrxNJWSLr06NXLsTf1z31sQjJxLigNQEFM9MjqrkiTe7uvaxqtTgv48ySykI8iYra", oauth_version="1.0", oauth_signature="7dL6PEMn5ZUmtwOcwMITbApki8k%3D"
    Content-Type: application/json;charset=utf-8
    User-Agent: YahooMessenger/1.0 (Messenger; 1.0.0.1)
    Host: rcore2.messenger.yahooapis.com
    Connection: Keep-Alive
    
    HTTP/1.1 401 Authorization Required
    Date: Tue, 27 Sep 2011 12:04:59 GMT
    WWW-Authenticate: OAuth oauth_problem="signature_invalid", realm="yahooapis.com"
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: application/xml
    Cache-Control: private
    
    167    
    
    
      xml:lang='en-US'>
       Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"
    

    
    
    0

by
0 Replies

Recent Posts

in OAuth General Discussion YDN SDKs