After the user authorizes the access, the redirect to my site occurs, but i'm not able to successfully verify the HMAC-SHA1 signature made by Yahoo. i have reviewed the specs and the sample source code that is out there, but I cannot verify the exact values of signaturebase and hmac keys that yahoo servers are making. I tried to "guess" the signature base and key format and also conformed to the principals at http://developer.yahoo.com/oauth/guide/oauth-signing.html but with no luck.
since every byte counts and can make a completely different HMAC-SHA1 signature i wonder if there is some sort of a test vector scenario that will explain to me how yahoo builds their signature on the data (starting by deriving the right HMAC-SHA1 keys from consumerSecret and then detailing the signature base)
I report something similar but in the other direction "exchange pre-approve token for an access token", i can't generate the right signature for yahoo, did you find a solution ?
I have an error report by yahoo when i want to exchange my pre approved request token to a new access token. Yahoo said the signature is invalid. How can i debug this problem ? (I know the signature process work well with pure OAuth style access)