0

Php Signing: OAuth oauth_problem=signature_invalid

For some reason the hmac signing is going wrong and I have no idea why. I tried the Php Sdk and I get the same error so I started from scratch without any luck.

CODE
$timestamp = strtotime('now');
$nonce = substr(md5(uniqid(rand())), 0, 8);

// Data to encode
$data = array(
'oauth_consumer_key' => OAUTH_CONSUMER_KEY,
'oauth_nonce' => $nonce,
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => $timestamp,
'oauth_version' => '1.0',
'xoauth_lang_pref' => 'en-us'
);

// Generate HMAC_SHA1
$base_string = http_build_query($data);
$base_string = urlencode($base_string);
$base_string = 'POST&' . urlencode('https://api.login.yahoo.com/oauth/v2/get_request_token') . '&' . $base_string;
$signature = hash_hmac('sha1', $base_string, OAUTH_CONSUMER_SECRET);

// Generate Post Data
$post = $data;
unset($post['xoauth_lang_pref']);
$post['oauth_signature'] = $signature;

$response = http::request(
'https://api.login.yahoo.com/oauth/v2/get_request_token',
array(
'POST' => $post
)
);


CODE
Base String:
string(335) "POST&https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Fget_request_token&oauth_consumer_key%3Ddj0yJmk9TWxuYlhVcDBEREVsJmQ9WVdrOVRrbENUREZITkc4bWNHbzlOalV4TVRZM016SXcmcz1jb2
5zdW1lcnNlY3JldCZ4PWE0%26oauth_nonce%3D31fe6a02%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1258321950%26oauth_version%3D1.0%26xoauth_lang_pref%3Den-us"

Signature:
string(40) "a5a4f73c716ff86f3433fc704b7451640767c904"

Post Sent:
[oauth_consumer_key] => dj0yJmk9TWxuYlhVcDBEREVsJmQ9WVdrOVRrbENUREZITkc4bWNHbzlOalV4TVRZM016SXcmcz1jb25z
dW1lcnNlY3JldCZ4PWE0
[oauth_nonce] => 31fe6a02
[oauth_signature_method] => HMAC-SHA1
[oauth_timestamp] => 1258321950
[oauth_version] => 1.0
[oauth_signature] => a5a4f73c716ff86f3433fc704b7451640767c904

Header Sent:
POST /oauth/v2/get_request_token HTTP/1.1
Host: api.login.yahoo.com
Accept: */*
Content-Length: 275
Content-Type: application/x-www-form-urlencoded

Header Received:
[0] => HTTP/1.1 401 Forbidden
[Date] => Sun, 15 Nov 2009 22:09:33 GMT
[P3P] => policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
[WWW-Authenticate] => OAuth oauth_problem=signature_invalid
[Connection] => close
[Transfer-Encoding] => chunked
[Content-Type] => application/x-www-form-urlencoded

by
3 Replies
  • I finally reverted back to the php yahoo sdk, and this is a very important note.

    $yahoo_session = YahooSession::requireSession(API_KEY, SHARED_SECRET, APP_ID, 'http://sitesdomain.com/');

    YOU MUST specify the domain that you used to sign up as the key. Trying to do:

    $yahoo_session = YahooSession::requireSession(API_KEY, SHARED_SECRET);

    will fail.
    0
  • QUOTE (Joseph M @ Nov 16 2009, 11:49 AM) <{POST_SNAPBACK}>
    I finally reverted back to the php yahoo sdk, and this is a very important note.

    $yahoo_session = YahooSession::requireSession(API_KEY, SHARED_SECRET, APP_ID, 'http://sitesdomain.com/');

    YOU MUST specify the domain that you used to sign up as the key. Trying to do:

    $yahoo_session = YahooSession::requireSession(API_KEY, SHARED_SECRET);

    will fail.


    Yes, you need to specify your application id and call back domain. Is everything working correctly for you now?
    0
  • In the new php5 sdk, the key parts are specified as

    $key_parts = array(
    $consumer->secret,
    ($token) ? $token->secret : ""
    );


    Is that right? Shouldn't it include the domain and APP_ID as well?

    thanks
    Frank
    0

Recent Posts

in OAuth General Discussion YDN SDKs