0

Unauthorized

This is my url.

http://social.yahooapis.com/v1/user/VXU2B3...3IQ5XM/contacts
?
format=XML&oauth_consumer_key=dj0yJmk9dmRQS1dNc2l1dTF5JmQ9WVdrOVpWUTNlb
FZRTldVbWNHbzlNVFUzTXpJeE1qTTJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD1hYQ--
&oauth_token=A%
3DhP_Osd7fjFF96hqk6EqXfkQ31kbm7eEZJJjLoF1jNIT3ROxGc5URXqXRYsWT4fNgHXOPZ
Tgg.ewLpVzzUKbvMiD.MQkS_pNl6jRi80X6agSw9wxR4zbOJ3neko857mFv8IQBK20VGq4Z
d4ciCH.b1ijlOyWtqqFHkkGX5DoVoDVsi5caHHsmgsbV5v0_2O8B4iHnrVRKmGlKp3XbXGG
AflcuRkgV4DQmBeIKuImCwrjolnGogZFl0HJkbw0cPjuIVIbFyKEjPqTPyyEssaBk926ZrE
z_dBghhTT8pAqhHMqli0RBAUhbZvk08sutI2fKu3_irPCS8YzmrBsAcI9L9IrqC0Rn5xuR7
5Hw0OYOAlZMAkxTPA9ohkPbbT4xbQ9Iiqc8J0Z343S_DirHcoroonK7DYvWzNEXpqHk2sjX
61f8ggX5FoVibmwSp0zMX8NCFFGcSy8nnaPam3YhwiTm3WqiZECkdpqV41oCmV24jm66B7l
Rt1Noi.DFvIpBEzkeBiFrAfoQwIWTxVYIF57BjDlfRiXuUY7oiWJVVy.5ZY3O5nGafQY3tN
P7qxTqx4NI6k3goGFwnxfnoiBr07NdkVhPfJzpYhLgEdIPW7hkeMQvfNbOi7nrxEBzWWBv2
c4ffzLjo3zdhVwP2b4czphlNRwxwU3.ewlXUGETYoXF98iNwBcW81r_j9VqQWiZJHBF81nM
DTwVGeUCih42AxyGBSh9hA6NQvk-&oauth_signature_method=HMAC-
SHA1&oauth_signature=oU/qI4Hbx9BFmnDn47PuNsxkrjo=&oauth_nonce=5edde8e6d
7da2bc0c4ba371660c26905&oauth_timestamp=1273727192&oauth_version=1.0

i guess the signature is wrong , but i can't be sure of it. Anybody help me?

by
5 Replies
  • Hi,

    When the 401 error is returned, the detailed error information is
    shown in both HTTP response headers and body. It is not necessarily
    a signature_invalid error. Can you please log the complete request
    you sent and the response you got and copy them over here? So we can
    help check it.

    In case it is indeed a signature_invalid error, can you please provide
    the signature base string?
    http://oauth.net/core/1.0a/#anchor21

    Thanks,
    Yu Wang
    0
  • QUOTE (omiga @ May 13 2010, 09:20 AM) <{POST_SNAPBACK}>
    Hi,

    When the 401 error is returned, the detailed error information is
    shown in both HTTP response headers and body. It is not necessarily
    a signature_invalid error. Can you please log the complete request
    you sent and the response you got and copy them over here? So we can
    help check it.

    In case it is indeed a signature_invalid error, can you please provide
    the signature base string?
    http://oauth.net/core/1.0a/#anchor21

    Thanks,
    Yu Wang

    Hello omiga,

    I get the contacts by querying. this is the complete request and the resonse.
    url:
    http://social.yahooapis.com/v1/user/VXU2B3...3IQ5XM/contacts

    ?

    format=XML&oauth_consumer_key=dj0yJmk9dmRQS1dNc2l1dTF5JmQ9WVdrOVpWUTNlb

    FZRTldVbWNHbzlNVFUzTXpJeE1qTTJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD1hYQ--

    &oauth_token=A%

    3D9Cp6AtjvvCu3stsf.9.T4Hi69TBb3eRE3x2Fw9OkRBi4YIU6vzz6uCvM1BK0Kh_ZHavXX

    38hZ3IhfT_mgu6cNzFZFqR6wZvSSDR8x3.PoMrbxiQ43LTWezvnIkffU3.zHu2CNQXexWW.

    OEqAfRT1J0HlzsEdcQQCarz9frQCa8f2GBI4Yvr2G0lJWaBixKGQpSkxpKyrDDXTmiVaBUs

    Ivg_4Mn8yMYLzPZ1BiHljVIFIZyYoI5Ks.J4tP3ydhhe8y17Ffcr512Bgrsnj6XoT5vF0LG

    vmX.1w9EYm4h9RuU.FaOBnNbqUYMmofeQKMUybX69Ep7L2cJTijE_7pexWiq1Lz0xyp70Bd

    4ghW9bNA0by_33yFVoaNwtALTdOkfiG0F7121vMv8k3jWruHURs4QvqaDhQ9Li9lAHD7Plu

    mD6ydeSnF6dIxZ0C1eO25Ylg61BMklfqFYPeufoCklzpD6eHBRIc7nSo4X7l5u1PFWof292

    3DANkjbW.5Nk84rxCWDFukhFn2MDD05haquE6B83Y91Pmlnm2L08oM.PyWo1DmKFJElVNxX

    VG_f4O6AI9XtYEB_ts7KKk9Fgc0CGR6LSBGko0YO2MV0QLSyk5mNZxMDYYevRPJEIyD_iIZ

    G4.dOVMDoXJzkyEjf28JCmTO.l8gqqSLj13R7b3A.oRGvZaTJxQYwiyEx_Brf04iNniEuAI

    IxsDjy_pz4vSCFzu7.9PWGHx6IY-&oauth_signature_method=HMAC-

    SHA1&oauth_nonce=3b5f59396a3c968b94e3fe1fda1acb3c&oauth_timestamp=12738

    01265&oauth_version=1.0&oauth_signature=zWbtpktx7%2F2Ju1eCDqWWX1TnTsE%

    3D

    headers:
    User-Agent=Wd1CMO6q Authorization=OAuth Accept=*/*

    response headers:
    Age=0 Connection=close Content-Type=application/xml Date=Fri, 14 May

    2010 01:41:03 GMT Server=YTS/1.18.5 Via=HTTP/1.1 r4.ycpi.tw1.yahoo.net

    (YahooTrafficServer/1.18.5 [cMsSf ]) WWW-Authenticate=OAuth

    oauth_problem="signature_invalid", realm="yahooapis.com"
    0
  • oh, my basestring is this .

    GET&http%3A%2F%2Fsocial.yahooapis.com%2Fv1%2Fuser%2FVXU2B3QNABMUYJ5WQBEN3IQ5XM%2Fcontacts&format%3DXML%26oauth_consumer_key%3Ddj0yJmk9dmRQS1dNc2l1dTF5JmQ9WVdrOVpWUTNlbFZRTldVbWNHbzlNVFUzTXpJeE1qTTJNZy0tJn
    M9Y29uc3VtZXJzZWNyZXQmeD1hYQ--%26oauth_token%3DA%

    3D9Cp6AtjvvCu3stsf.9.T4Hi69TBb3eRE3x2Fw9OkRBi4YIU6vzz6uCvM1BK0Kh_ZHavXX

    38hZ3IhfT_mgu6cNzFZFqR6wZvSSDR8x3.PoMrbxiQ43LTWezvnIkffU3.zHu2CNQXexWW.

    OEqAfRT1J0HlzsEdcQQCarz9frQCa8f2GBI4Yvr2G0lJWaBixKGQpSkxpKyrDDXTmiVaBUs

    Ivg_4Mn8yMYLzPZ1BiHljVIFIZyYoI5Ks.J4tP3ydhhe8y17Ffcr512Bgrsnj6XoT5vF0LG

    vmX.1w9EYm4h9RuU.FaOBnNbqUYMmofeQKMUybX69Ep7L2cJTijE_7pexWiq1Lz0xyp70Bd

    4ghW9bNA0by_33yFVoaNwtALTdOkfiG0F7121vMv8k3jWruHURs4QvqaDhQ9Li9lAHD7Plu

    mD6ydeSnF6dIxZ0C1eO25Ylg61BMklfqFYPeufoCklzpD6eHBRIc7nSo4X7l5u1PFWof292

    3DANkjbW.5Nk84rxCWDFukhFn2MDD05haquE6B83Y91Pmlnm2L08oM.PyWo1DmKFJElVNxX

    VG_f4O6AI9XtYEB_ts7KKk9Fgc0CGR6LSBGko0YO2MV0QLSyk5mNZxMDYYevRPJEIyD_iIZ

    G4.dOVMDoXJzkyEjf28JCmTO.l8gqqSLj13R7b3A.oRGvZaTJxQYwiyEx_Brf04iNniEuAI

    IxsDjy_pz4vSCFzu7.9PWGHx6IY-%26oauth_signature_method%3DHMAC-SHA1%26oauth_nonce%3D3b5f59396a3c968b94e3fe1fda1acb3c%26oauth_timestamp%3D12738

    01265%26oauth_version%3D1.0
    0
  • Hi flyeag,

    There are quite a few problems in your signature base string:

    - The parameters are not sorted. E.g., oauth_nonce should go before
    oauth_token.

    - Your oauth_token is not URL encoded enough times. It should take
    the form of "oauth_token%3DA%253D..."

    I would suggest you check existing OAuth libraries http://oauth.net/code
    and see how they generate the signature base string.

    Thanks,
    Yu Wang
    0
  • QUOTE (omiga @ May 14 2010, 10:28 PM) <{POST_SNAPBACK}>
    Hi flyeag,

    There are quite a few problems in your signature base string:

    - The parameters are not sorted. E.g., oauth_nonce should go before
    oauth_token.

    - Your oauth_token is not URL encoded enough times. It should take
    the form of "oauth_token%3DA%253D..."

    I would suggest you check existing OAuth libraries http://oauth.net/code
    and see how they generate the signature base string.

    Thanks,
    Yu Wang

    Thanks omiga. I got it. Because the parameters should be sorted by lexicographic queue.
    0

Recent Posts

in OAuth General Discussion YDN SDKs