0

Problem accessing a protected resource with a valid Access Token

Hi guys,

First of all I must say I love what you are doing in Yahoo! Developer Network, it's awesome!

I've developed a OAuth client library for java, and I'm trying to make it work with as many providers as I can, Yahoo! being one of the firsts.

This is the sample code for the interaction with your API:

http://github.com/fernandezpablo85/scribe/.../YahooSpec.java

All steps run nicely but the last one (while actually trying to fetch a protected resoruce with the fresh AccessToken and Secret)

Any clues?

Thanks a lot!

22 Replies
  • Hi,

    Can you please send us the complete HTTP request and response
    that fails so we can check from our end?

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0
  • Hello folks,

    I am a developer that uses Pablo's library and I was confronted with the same problem. I've been thinking about posting a HTTP request and response as requested by Yu Wang. Unfortunately, I'm rather new at these kind of requests through Java and I have no idea of how to capture this request/response.
    I'm using Ubuntu as an OS, Eclipse 3.5 as my IDE and Java 6.
    I have tried using Wireshark (an network traffic monitor) before, but I noticed HTTPS calls are of course encrypted. I suppose you only need the request/response as made to final URL, which is to plain HTTP, so it might work. Can you tell me if I'm on the right track? Thanks in advance!

    Regards,

    Martin van Es
    0
  • Hi Martin,

    Your understanding is correct. We just need information like
    the following:

    Consumer key: dj0yJmk9TUJETmxhUG9WbDlPJmQ9WVdrOWR6Um9kRkl3TXpRbWNHbzlNVGszTVRBM05USXhOQS0tJnM9
    Y29uc3VtZXJzZWNyZXQmeD02MQ--
    URL: https://api.login.yahoo.com/oauth/v2/get_request_token
    HTTP POST data: oauth_version=1.0&oauth_nonce=8c76a87ffd3e4f48b53ed4b669b0b35f&oauth_timestamp=1268432350&oauth_consumer_key=dj0yJmk9TUJETmxhUG9WbDlPJmQ9WVdrOWR6Um9kRkl3TXpRbWNHbzlNV
    GszTVRBM05USXhOQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02MQ--&oauth_signature_method=PLAINTEXT&oauth_signature=821ce9362da7d3d441265e77469a1339c42097612526&oauth_callback=oob"

    Thanks,
    Yu Wang
    0
  • OK, I think I've got it:

    GET /v2/posts/add?description=Ubuntu%20Start%20Page&replace=no&shared=yes&tags=bottylicious&url=http%3A//start.ubuntu.com/9.10/ HTTP/1.1\r\n

    Expert Info (Chat/Sequence): GET /v2/posts/add?description=Ubuntu%20Start%20Page&replace=no&shared=yes&tags=bottylicious&url=http%3A//start.ubuntu.com/9.10/ HTTP/1.1\r\n

    OAuth oauth_consumer_key=\"dj0yJmk9dEFFbklWRjBkZ3plJmQ9WVdrOVdIWnVkbU5JTXpBbWNHbzlNVGM1TXpRMk5EYzJNZy0
    tJnM9Y29uc3VtZXJzZWNyZXQmeD1jYw--\", oauth_nonce=\"48b3b67aabe67bea73798ebfb17e207c\", oauth_signature=\"lMNvGWKBrK3qZ%2BtWqjKszcggg70%3D\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1272617165\", oauth_token=\"A%253DFSuhkDvHrwgvxs3J_PmH8jAFCxgSfLeilVF6HqdfiaslnLSQl7ofq78QiabcwYv7vXdg2ao46AsJ
    cX9tqXJ_jNyC1ab5t.NwZ5FMXiouRTjgs3pNs2z.xeOeBtyH5zUIZWrEhQ28J2fOrZEdQdonPnrv5AbZJ
    KBuRoysJpWaaVd4.a1g5ND2nfFMIxjOKI.QD4Ndjz4D3k40CyV8.i1lD87NFEMP7Jdmj5R4TnAf9bjMyL
    TvXEmoG0bWKjtfdWyCNSEynW.VjiZZkMvVJrVv0Y7jhaLH9SeDgYm1O35zsRcUcsaeerrugGriQn4dvJ5
    4HGFRJfPg41p85H.YzsifSbDzahv3.R7KcG9j4AvA3TAaiuisGXX3EWEth1kGlAypwYVy7U88BRosmYOY
    M8wlhoxLIx8Bcm_JykfqTwKAomXN944lvFLh.V30cykoS1Nm4mZRs8c_MqpwKOy3xKZfQFpYUe6FWF1uU
    wxAxcikOJ6Zc36trCQ4UWeLh5MaICSy91As9vOCwTuQx0et9Ov25RBm5rSjFN_azLQ7qW8zibjbh_47Mz
    rOt23.SwaUDTzHqOQLdUdEFW.65wmA4EelsJqmgbES1Gcugt_xcebZutK_inwUs7y1aa8LpXLWCTY8iab
    __AWnSwdaufDT1f.450OrQYHDNpyvlbLU3aGKkPoK17XgYKRwgLjsOEcyxT6wOr27nezKcSIO7WQ3p_qw
    zvGPoQY62i0QVdu8WuU8jhrk5XUmlgbBlu25\", oauth_version=\"1.0\", realm=\"yahooapis.com\"

    Altough I can't explicitely find it in the captured request in Wireshark, it's calling this URL http://api.del.icio.us/v2/posts/add

    And my consumer key is: dj0yJmk9dEFFbklWRjBkZ3plJmQ9WVdrOVdIWnVkbU5JTXpBbWNHbzlNVGM1TXpRMk5EYzJNZy0tJnM9
    Y29uc3VtZXJzZWNyZXQmeD1jYw--

    Thanks for your help!
    0
  • Hi,

    I haven't tried Delicious API myself before. I see that they have a
    detailed step-by-step guide:
    http://delicious.com/help/oauthapi

    Have you tried to follow it? Please check your signature generation with
    theirs and see if they are exactly the same.

    Thanks,
    Yu Wang
    0
  • The delicious api as described by the link you posted was my starting point. Then I found the library by Pablo, and used that. I don't really create the request myself. Maybe Pablo can comment on this?
    0
  • Hi Martin/Pablo,

    Can you please copy the HTTP response here? We need to know what
    the detailed error is.

    Thanks,
    Yu Wang
    0
  • I suppose you mean this? Please let me know if you need anything else.

    <?xml version='1.0' encoding='UTF-8'?>
    <yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
    xml:lang='en-US'>
    <yahoo:description>Please provide valid credentials. OAuth oauth_problem="token_rejected", realm="yahooapis.com"</yahoo:description>
    </yahoo:error>
    <!-- fe03.api.del.ac4.yahoo.net uncompressed/chunked Sun May 2 06:55:14 PDT 2010 -->
    0
  • Hi,

    Probably your oauth_token is URL-encoded twice. In post #5,
    I see oauth_token is 'A%253DFSuhkDvHrwgvxs3J_PmH8...'.

    Can you try with 'A%3DFSuhkDvHrwgvxs3J_PmH8...' instead?

    Thanks,
    Yu Wang
    0
  • OK, this time I tried it with:

    %.:f8EP@@LPO)7.
    IqGET /v2/posts/recent HTTP/1.1
    Authorization: OAuth oauth_consumer_key="dj0yJmk9dEFFbklWRjBkZ3plJmQ9WVdrOVdIWnVkbU5JTXpBbWNHbzlNVGM1TXpRMk5EYzJNZy0
    tJnM9Y29uc3VtZXJzZWNyZXQmeD1jYw--", oauth_nonce="4efbaf08b4b27ab36faa466ae4aad1e6", oauth_signature="H5rln0LokmvewGfE5kfo7WJNElk%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1272902494", oauth_token="A%3Dvcaa7SvfuD1A_9_F_zCkHG7qVwQ.5W3_uX42TieOr5fEg4aodHbBMzVSXeVemDPa14eUxxImlkSqR1
    R.w2YEHfIaYIFSfNN9K2VyOcYmeS.yh_gYliq4PLpIsnYuDxlp95qfDB8F0hxOvTM3MGeNjYkHYYYy5VN
    h85R8W5A8vfi13trJMONX_YABwMh.IU5PAa_ioYd9ZalKwByuYDd5wE_1gJzL14lzkRV0JdEX_aIYzj5n
    a3l10wfT5TpOCHwEUNd2bqDQjhVS1DcA0Nrlo0B1mm8S_eqADatIj8SEHCiolAHcetcNnhJLIjwwRrn0s
    NDnsRHXmet65OpSWHC3NhXGfgMGPLat6vyecPPU6DrEebTdtst5Fh1EZq.6s.O.D1kagxt4bGy1QJ7NRO
    yADbXEL50MMJrl9.mya_VX34QPRoDa8XQbzy0YxMsDXuiwZQ1YY3DykhwJtqKYgeqz7hw.Gc.JhsoCPsq
    lOjBbUr3Cv6J2ukCusqH5TomICK2JJN7iqS_xbM4YJkOUHChgRjHQgjTU.NckpVfEgbcD0wdTLn7kxF8v
    qq9RgG_Y.wD0Ys5nwZbiXa4Gn.tbsB73fRh3UlM48Slvk7W162s4UvVw5sx3SvgURtdQspNr6p1Lb09.r
    joqHN0D0WHKDp8J8CbCsojN.wk2W9JhMihCApmSc_Gwxc0cwFks.FYWVUWUD4dmKsqoFK6GNhpQTFHvyH
    AN_HucC1QWuxHOKX2FdHwVxAokWdk5GqL1", oauth_version="1.0", realm="yahooapis.com"
    User-Agent: Java/1.6.0_0
    Host: api.del.icio.us
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Connection: keep-alive

    Unfortunately I still get this response:

    :f8%.Ee@-ouLP)7O0
    Ir*HTTP/1.1 401 Authorization Required
    Date: Mon, 03 May 2010 16:01:34 GMT
    WWW-Authenticate: OAuth oauth_problem="signature_invalid", realm="yahooapis.com"
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: application/xml

    166
    <?xml version='1.0' encoding='UTF-8'?>
    <yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
    xml:lang='en-US'>
    <yahoo:description>Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"</yahoo:description>
    </yahoo:error>
    <!-- fe06.api.del.ac4.yahoo.net uncompressed/chunked Mon May 3 09:01:34 PDT 2010 -->

    @Pablo: I manually url decoded the oauth_token this time before using it with signRequest.
    0
  • Hi,

    Can you please provide the signature base string?
    http://oauth.net/core/1.0a/#anchor21

    Thanks,
    Yu Wang
    0
  • Hey guys,

    Sorry for being absent on this, my spam filter was eating the email notifications for this thread... weird.

    Well, I've added a method to the cutting-edge version of scribe that prints some useful information for the request being made, in JSON format.

    Probably this will help us debug the problem.

    These are the consumer_key and consumer_secret I'm using

    CODE
    consumer.key=dj0yJmk9TXZDWVpNVVdGaVFmJmQ9WVdrOWMweHZXbkZLTkhVbWNHbzlNVEl5TWprd05
    qUTJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD0wMw--
    consumer.secret=262be559f92a2be20c4c039419018f2b48cdfce9


    Some information about the request:

    http://gist.github.com/390321

    (This is in JSON format)

    Response details:

    CODE
    {"error":{"lang":"en-US","description":"Please provide valid credentials. OAuth oauth_problem=\"token_rejected\", realm=\"yahooapis.com\""}}


    Let me know if you need more info, and sorry again Martin for being mute on this.

    Pablo
    0
  • Hi Pablo,

    The oauth_token should take the form of 'A%3D...', not 'A%253D...' It looks like
    you URL-encode it twice.

    Also in the stringToSign, I don't see "oauth_token" included.

    Can you please provide the oauth_token_secret as well if fixing the above two still
    doesn't work?

    Thanks,
    Yu Wang
    0
  • Hi Pablo,

    I am trying to use Scribe Library to access information from Yahoo using YQL but it seems that I am having this issue, were you able to resolve this issue? please let me know, really appreciate your help.

    the error message below:

    <?xml version='1.0' encoding='UTF-8'?>
    <yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
    xml:lang='en-US'>
    <yahoo:description>Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"</yahoo:description>
    </yahoo:error>
    <!-- yqlengine1.pipes.mud.yahoo.com uncompressed/chunked Fri Oct 8 08:49:44 PDT 2010 -->


    Thanks,

    Zia
    0
  • Hi Zia,

    You can probably ask Pablo directly and the contact information is here:
    http://github.com/fernandezpablo85/scribe/.../YahooSpec.java

    You can also open a new topic with the detailed OAuth request and
    response headers when you call the YQL and we can help check the
    rootcause.

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0
  • Hi Yu,

    Thanks for the reply, I actually already posted this in the Fantasy API section because i am working with Fantasy API. but later i realized that this is related to OAUTH. anyway, below is the link to the topic, please let me know if i should close the topic there and open a new one under OAUTH.

    http://developer.yahoo.net/forum/index.php?showtopic=7248

    I am also attaching the request response that i posted in the above topic, pleas let me know if you need more information, any help is greatly appreciated.


    Request:

    GET /v1/yql?q=select+*+from+fantasysports.leagues+where+league_key%3D%27249.l.37334%27 HTTP/1.1
    Authorization: OAuth oauth_consumer_key="dj0yJmk9bG9aNkswZnZNcG1mJmQ9WVdrOWQyeDBla05KTjJFbWNHbzlNQS0tJnM9Y29uc3VtZXJ
    zZWNyZXQmeD0wOA--", oauth_nonce="2d48c42c15614972e99f87bc05d8031e", oauth_signature="48LsFPOtWBmFQGBH%2BS1xxNfhUWw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1286314620", oauth_token="A%3DGOuiGX3juBHErfO2ovdbwEaWil1KI6Tq28g0LXtbf9_ONf.a8bV1.UT6YLORc5p3roQ9EFeotR6b4l
    t9a7pqHiioQsAby8UyEK5tg4U5TzoJEnPjHyOq7JdV764hFN.Sm2ryb86DxcO6FnHJjPQPKF8NdK8XoFS
    Kp5PAm6LvTT1Cqup36aGjpzYo585N3RVRSPkrLIqAjQ.mhVf7mzTpFcIhX0ll.kxSWpDm8Uj6sSfYr3u5
    vLntGiR27wxQnS2dz9Mry0aIN9OJANVzTbdVC98wcatLq.JZDVyw9HAiOhc1C8D6qKfn1y8OYZqEK3nCE
    JmhO0XrV7Ly.d_UUKHk1g0HU1I25o5Wy6LFUS3Fl21z8bu6fJ1fIrIEC7ABVPktBlpTf1WFl4ryFDt24C
    SQMNh_nOQnh3rC6dRhN25VIuUnWeis7ytfW1O5hXN5ZipcfnU6sCT4Pjyov0wg4Y24u7QQ.2.q_7kPvSt
    EPONQKGn_Ny5YL0hLx.oENUJFiq.IyjiE29kHVMs6VioIFMECxN3WMIIuLaZ.9VtMAfqUHdLtodJ88nc4
    zxTxyjV9kiAMykXVslnqyfw.8VCLb_MKJWPuV_Ii6.FcKolRa52Gm1hcIl4SYiT2OayGaUvkX33DgK2.9
    wFogP3VR41xarN5SusvRaO32WoTfkJsaDRxmglz4K6txtn0k_F6", oauth_version="1.0", realm="yahooapis.com"
    User-Agent: Java/1.6.0_21
    Host: query.yahooapis.com
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Connection: keep-alive


    Response:

    HTTP/1.1 401 Authorization Required
    Date: Tue, 05 Oct 2010 21:37:01 GMT
    WWW-Authenticate: OAuth oauth_problem="signature_invalid", realm="yahooapis.com"
    Content-Type: application/xml
    Cache-Control: private
    Age: 0
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: YTS/1.17.21

    16a
    <?xml version='1.0' encoding='UTF-8'?>
    <yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
    xml:lang='en-US'>
    <yahoo:description>Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"</yahoo:description>
    </yahoo:error>
    <!-- yqlengine1.pipes.mud.yahoo.com uncompressed/chunked Tue Oct 5 14:37:01 PDT 2010 -->
    0
  • Hi unobmobi,

    Can you please check if your Signature Base String is exactly the
    same as the following:

    GET&http%3A%2F%2Fquery.yahooapis.com%2Fv1%2Fyql&oauth_consumer_key%3Ddj0yJmk9bG9aNkswZnZNcG1mJmQ9WVdrOWQyeDBla05KTjJFbWNHbzlNQS0tJnM9Y29uc3VtZXJzZW
    NyZXQmeD0wOA--%26oauth_nonce%3D2d48c42c15614972e99f87bc05d8031e%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1286314620%26oauth_token%3DA%253DGOuiGX3juBHErfO2ovdbwEaWil1KI6Tq28g0LXtbf9_ONf.a8bV1.UT6YLORc5p3roQ9EFeotR6b
    4lt9a7pqHiioQsAby8UyEK5tg4U5TzoJEnPjHyOq7JdV764hFN.Sm2ryb86DxcO6FnHJjPQPKF8NdK8Xo
    FSKp5PAm6LvTT1Cqup36aGjpzYo585N3RVRSPkrLIqAjQ.mhVf7mzTpFcIhX0ll.kxSWpDm8Uj6sSfYr3
    u5vLntGiR27wxQnS2dz9Mry0aIN9OJANVzTbdVC98wcatLq.JZDVyw9HAiOhc1C8D6qKfn1y8OYZqEK3n
    CEJmhO0XrV7Ly.d_UUKHk1g0HU1I25o5Wy6LFUS3Fl21z8bu6fJ1fIrIEC7ABVPktBlpTf1WFl4ryFDt2
    4CSQMNh_nOQnh3rC6dRhN25VIuUnWeis7ytfW1O5hXN5ZipcfnU6sCT4Pjyov0wg4Y24u7QQ.2.q_7kPv
    StEPONQKGn_Ny5YL0hLx.oENUJFiq.IyjiE29kHVMs6VioIFMECxN3WMIIuLaZ.9VtMAfqUHdLtodJ88n
    c4zxTxyjV9kiAMykXVslnqyfw.8VCLb_MKJWPuV_Ii6.FcKolRa52Gm1hcIl4SYiT2OayGaUvkX33DgK2
    .9wFogP3VR41xarN5SusvRaO32WoTfkJsaDRxmglz4K6txtn0k_F6%26oauth_version%3D1.0

    Then the signature should be 'R2W4LEhqXoDLajoW0OyI4iumQyI='

    Thanks,
    Yu Wang
    0
  • Hi Yu,

    I am kinda new to OAUTH and that's why I am using Scribe library to make the requests, I am not sure how i check this, would you happen to know how i can get this information?

    Thanks,

    Zia
    0
  • Hi Yu,

    I've made it all the way to Step 7 (http://delicious.com/help/oauthapi) & (http://developer.yahoo.com/oauth/guide/oauth-accesstoken.html)

    But keep getting
    Please provide valid credentials.

    I've spent literally two days trying to figure this out and haven't had any luck.

    Can someone please paste their JAVA code where you build the base string, generate the signature, and request to delicious api(any common example)?

    I would be soooooo thankful:)

    I'm thinking I may be doing the urlencoding in the wrong order or something simple like that. Or maybe the headers I'm using in cURL aren't right. Or maybe the Delicious instructions are wrong (yet again...like in Step 4).


    Here is my code:

    These are my steps[5 to 7]

    Step 5:

    access_token=A%3DuV5zdJSbpQvlLxowAU0i675uUVbUUV_l6D6L5GKjxnSEykWLnvR9rrgsDkPpvWJdahxxbGl68DGEoc
    uKMrcS_j1YULaae7Z_QfTPxN3iEkYfOKl96qAaYHdygRA35e.rhrdCrtLAxOoxW.nCblEga4pq0l9mxr
    _
    rSkx64q2OJFLNyYTgXhir5kiw9JvlzevkKXyf3NMEAQaJqb5Fd8N0D4iXma4uWM5DIojJ8OM5wOwkB2D
    u
    iRZ1n00F5S4Qg3BpkH2GrukQl.TMk4oAmQGGi341_.9rQRFzR_hCbVLZsNjzVB49ZQVqXw6oH47yrdgL
    5
    ZzjieefTmhcWDFSHoo3CtiimGIve6U35cUH8cmBbrtSbUdA2yA19QREVbsmoKe3v_GoU0_6VFjBNCS1P
    B
    _vYG82cJVB0ROibkX3udaKQe_VX.hKjSMyT.n78Z8YWUaKCwAGsBGw9yZP3XnlUjb_A72BrzMi5UDJaW
    w
    r9_kWDCTPJ1YtUROdPWXSbUMZ33c.cradFdNmIMHW1hIwYgOCXSIRn1a2Yf6kTtCnP_1FD_oz06k.NQj
    B
    pkMl7x4.Xsh6zLjG0hhEBYNO3AYeLk2lvPcXP2nzJQ4gmQ__Cz0ctHzDHayP47E0rQwGEDi0.wLBx0Bz
    f
    Tx3GTh0trqNAUY.8dzLWgcjZya7OFzX3X1WxGMg9Tz5xegSRxYt.8aRyIp7kmfumKq67qpJ_CxbVWcZI
    p
    ztN61N2A--

    String[] arrTimeStampAndNonce = createTimeStampAndNonce();

    String params = "oauth_consumer_key="+ServletConstants.YAHOO_CONSUMER_KEY+
    "&oauth_nonce="+arrTimeStampAndNonce[1]+
    "&oauth_signature_method=HMAC-SHA1"+
    "&oauth_timestamp="+arrTimeStampAndNonce[0]+
    "&oauth_token="+access_token+
    "&oauth_version=1.0"+
    "&url="+URLEncoder.encode("http://www.yahoo.com/","UTF-8");

    String encodeParams = URLEncoder.encode(params,"UTF-8");

    String encodeURL = URLEncoder.encode("http://api.del.icio.us/v2/posts/suggest", "UTF-8");

    String baseString = "GET&"+encodeURL+"&"+encodeParams;

    Result:

    String baseString = "GET&http%3A%2F%2Fapi.del.icio.us%2Fv2%2Fposts%2Fsuggest&oauth_consumer_key%3Ddj0yJmk9UzQzbjNFZlpZdnJTJmQ9WVdrOVlXbFlVbGxrTnpRbWNHbzlOVFE1TXprME5EWXkmcz1jb2
    5zdW1lcnNlY3JldCZ4PWVl%26oauth_nonce%3D5731531896143931081%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1293457885%26oauth_token%3DA%253DuV5zdJSbpQvlLxowAU0i675uUVbUUV_l6D6L5GKjxnSEykWLnvR9rrgsDkPpvWJdahxxbGl68DGE
    ocuKMrcS_j1YULaae7Z_QfTPxN3iEkYfOKl96qAaYHdygRA35e.rhrdCrtLAxOoxW.nCblEga4pq0l9m
    x
    r_rSkx64q2OJFLNyYTgXhir5kiw9JvlzevkKXyf3NMEAQaJqb5Fd8N0D4iXma4uWM5DIojJ8OM5wOwkB
    2
    DuiRZ1n00F5S4Qg3BpkH2GrukQl.TMk4oAmQGGi341_.9rQRFzR_hCbVLZsNjzVB49ZQVqXw6oH47yrd
    g
    L5ZzjieefTmhcWDFSHoo3CtiimGIve6U35cUH8cmBbrtSbUdA2yA19QREVbsmoKe3v_GoU0_6VFjBNCS
    1
    PB_vYG82cJVB0ROibkX3udaKQe_VX.hKjSMyT.n78Z8YWUaKCwAGsBGw9yZP3XnlUjb_A72BrzMi5UDJ
    a
    Wwr9_kWDCTPJ1YtUROdPWXSbUMZ33c.cradFdNmIMHW1hIwYgOCXSIRn1a2Yf6kTtCnP_1FD_oz06k.N
    Q
    jBpkMl7x4.Xsh6zLjG0hhEBYNO3AYeLk2lvPcXP2nzJQ4gmQ__Cz0ctHzDHayP47E0rQwGEDi0.wLBx0
    B
    zfTx3GTh0trqNAUY.8dzLWgcjZya7OFzX3X1WxGMg9Tz5xegSRxYt.8aRyIp7kmfumKq67qpJ_CxbVWc
    Z
    IpztN61N2A--%26oauth_version%3D1.0%26url%3Dhttp%253A%252F%252Fwww.yahoo.com%252F";


    Step 6:

    String hmackey = URLEncoder.encode(ServletConstants.YAHOO_CONSUMER_SECRET,"UTF-8")+"&"+URLEncoder.encode(access_token_secret, "UTF-8");

    Mac mac = Mac.getInstance("HmacSHA1");
    SecretKeySpec secret = new SecretKeySpec(hmackey .getBytes(), mac.getAlgorithm());
    mac.init(secret);
    byte[] digest = mac.doFinal(baseString.getBytes());
    String hmacSignature =Base64.encode(digest);


    Result :
    hmacSignature: sgSo9U8Q7HKX5mlU0E6F6ezJkjc=

    Step7:
    hmacSignature = URLEncoder.encode(hmacSignature,"UTF-8");
    String[] arrTimeStampAndNonce = createTimeStampAndNonce();

    String params = "OAuth realm=\"yahooapis.com\",oauth_consumer_key=\""+ServletConstants.YAHOO_CONSUMER_KEY+"\",oauth_nonce=\""+arrTimeStampAndNonce[1]+"\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\""+arrTimeStampAndNonce[0]+"\",oauth_token=\""+access_token+"\", oauth_version=\"1.0\",oauth_signature=\""+hmacSignature+"\"";

    String reqUrl = "http://api.del.icio.us/v2/posts/suggest?url="+URLEncoder.encode("http://www.yahoo.com/", "UTF-8");

    GetMethod getMethod = new GetMethod(reqUrl);

    getMethod.addRequestHeader("Authorization", params);


    int status = httpclient.executeMethod(getMethod);

    String bookmarks = getMethod.getResponseBodyAsString();


    please guys help me... i am in big trouble for last 2 days..
    Thanks,
    0
  • Hi guys,

    I got it work.. thank you guys...
    0
  • Hi all,

    I'm stuck with Yahoo Contact API since two days.

     I'm stuck in 2nd step of three-legged flow of OAuth authorization since 2 days.

     I got key and secret from 1st step.For 2nd step I'm getting file not found error in firefox,yahoo icon in chromium, unable to download requets token message in internet explorer,   Please share yahoo's live help number or emailid.Please pass it to supersixvenpala@yahoo.co.in at the earliest.

    It is really urgent.Please respond















    0
  • Hi i am not able to get access token using pablo's library it is giving
    Response body is incorrect. Can&#39;t extract token and secret from this: &#39;oauth_problem=signature_invalid&#39; error
    0
  • it is very urgent please help
    0
  • Hi guys,

    I thought I'd share my experience using Scribe for Java and the Yahoo! API, where I realized that it's important to include both the token and the secret when creating the Token object used when trading a request token for an access token. In other words, I got the signature_invalid error until I realized that the secret string was missing in the puzzle, since the secret is used to sign the request.


    Sigbjørn
    0

Recent Posts

in OAuth General Discussion YDN SDKs