delicious oAuth Request error (401)

Hiya, I'm trying to use oAuth to verify credentials for use with delicious. I'm working on a desktop application and I can get as far as Step 5/6/7-ish following your scale here (http://delicious.com/help/oauthapi).

Using the same core oAuth component that I use for Twitter (successfully), I'm having problems requesting tags for a URL. So I'm using "https://api.del.icio.us/v2/posts/suggest". I've written this in basic authentication using POST, so I plan on posting the URL parameter.

My attempt gives me the 401 authorization error.

Perhaps I'm not sending the correct information in the Auth Header? Here's what I'm sending as a base header: oauth_timestamp, oauth_nonce, oauth_signature_method, oauth_consumer_key, oauth_version, oauth_token.

Here's a sample written by the app:
CODE
OAuth realm="yahooapis.com", 
oauth_timestamp="1264459940",
oauth_nonce="cd9e5152b6c3af732d0a73060049042432cbe123",
oauth_signature_method="HMAC-SHA1",
oauth_consumer_key="{removed}",
oauth_version="1.0",
oauth_token="A%25253Dca0nce_i4A5SIdKVlFIchXUPEQRfL9.rCk2dH75i.ZnMlJmvdQ6WfjBXvejaopGIBTMmLae7rN
pMMzhdB737VGk3zTqD5KYovuoAk6UO2GPWP4Z_fuQuBbbjU5waj.SilSSChHxEUGz_4LEIWGXWabS4VZW
oz.dTR0OiAMdaJWoiiIp3LAg5uh3n3uveW1J4mMqnPPvigjotISw0QGtb5InAx2ECwJvyo8dacjxD9srd
jFYuE6Zsp5TwJ9hJAKTstSBwa_Me3WWW8XmAF9dShuFgds4Q5yhOAH_0Uhcsm63w9qFnSrjS8iWpIkV04
Iz.dVEePldo1zyyyObU74blYYaccAAWhq0F2FzTn210pPW_F.s2hd9qZxl7mQ217hTpItAcN3H_mQAbZk
z99d0ar16XxXxjoqvorjZn8GG4FKJpF5CctbHyz5OtZUc571XTiJR.d63vboKchLRpUma4RLEHywj4.9x
.Ipjjnb.CIfj8TEzK7gRGVeUCUQFujoDgFQQQkYnA6eFphUAHKwsO3GvPb7ZK0BX4zuNefJEHl7dVEf5q
l57BkQ24YxnpexwR_lH3bTN_lTK5RCE9W2HEK47vx6Rhl41tlhgp5hEeV4m5d6WvWL65cBwWCsFXU63gs
YJNlKAnferyaST8tBgC3EgujjPTlWBvfiHMwfNYV3JtWIt.hmpuzBaMRaQMNN14rIThAJrKyg9BFv42IZ
EAN926MjvUPs8jwC5h04_5qb99AmdjEPU-",
url="http%253A%252F%252Fwww.thestar.com%252Fsports%252Farticle%252F755489--nancy-kerrigan-s-brother-charged-after-father-found-dead%253Fbn%253D1",
oauth_signature="mN%2Bfm%2BUrAfuaCxnNUNs9Z8XPU5Q%3D"


Is there anything else needed (or not needed)?
I've read a few posts noting an inconsistent oauth_token on Yahoo's side (http://developer.yahoo.net/forum/index.php?showtopic=549). I, however, tried keeping an unencoded version, encoding, and encoding twice. All to no avail.

I've also tried taking the url parameter out of the header (scraping for reasons), and that didn't work either.

Any suggestions?

7 Replies
  • Nothing Yahoos? :(
  • The host for the OAuth requests should be http://api.del.icio.us, not https://api.del.icio.us.
    Hopefully that's all.

    Chris
  • QUOTE (Chris D @ Feb 4 2010, 03:39 PM)
    The host for the OAuth requests should be http://api.del.icio.us, not https://api.del.icio.us.
    Hopefully that's all.

    Chris


    Thanks, I just tried that. I re-coded my delicious request to use GET instead of POST. I'm just trying whatever I can to make it work.
    I get the invalid signature error.

    Here is my plain text signature:
    CODE
    GET&http%3A%2%2Fapi.del.icio.us%2Fv2%2Fposts%2Fadd
    &description%3DTest
    %26oauth_callback%3Doob
    %26oauth_consumer_key%3D{removed}
    %26oauth_nonce%3D3fcff6d54e498592716fdd5fcf00e43579e42b86
    %26oauth_signature_method%3DHMAC-SHA1
    %26oauth_timestamp%3D1265328235
    %26oauth_token%3DA%3DTRn7ShHjpwOQqAqA62.vI7VVEPSN0Rvh_J2TzgGHfKS_9_j_ES4ZJYDeaTzONJAI_Zrihe2ekxinis
    SxQk5vaB1sLxTHm9wzfY0TJ87rhQYVJ6JYEamueDcHpQ6Unp_Bo2ptV9Aw9cwCXm81ovMvHMBhHPLJ6IF
    M63XU2gWaFUkoa6RiM.E7eAPtoMzHWxjTg1v8IWd7NJGfh.MDQQTCPC837yBCN8nPb6y8h.dRThLauxT3
    27sNQ0TQpjM0TIlGT9Byo_jJjIArzsgJBdREqWlDje_w6WU1JW4N5mdsdWuM.jV9OFN7m8E518_2pK8z0
    Qe68ZZlx6iKUsorApAxhWU9gHbDHiFX7qcz2Dv8iGRaMSEPC5SNTsMgWpWYeC.PStxaIJi2Uj0BNQOLre
    wcv7B1k2b0vUxbcBe_XyGrG3LSQ5tRoG2aXPw.KB15E0NyaBk5JIoWbCm3Lfhn7A2DkO31HD3Ui0nz11l
    x.Px.BURs.uyuK1rt4k3BN_l2wprjHOcg7ZPj.H9IYeDGeS0MCoBpUzgkzLoLzOBmVUx7agKkOkaQ41Zu
    .tUbqrxj4AxIM7cOFOwbacw8YlYot22vQAUTJnejHofTuktXGL4floyDuhQ9tv6Qsc5oRwx03vBf5Pdq3
    MKxd8IwiNLMbvL5n9JtEr0Tw1PjXGqciF9Us3gAxiyuMAPJa7al2eCiMYeg6B8K1viXIryVIgSVCMhY0n
    y4F2qQmYvHbaIGpZU9j3nGJt.i1Ug-
    %26oauth_version%3D1.0
    %26url%3Dhttp%3A%2F%2Fgoogle.com


    I encode this using HMAC-SHA1. The algorithm works perfectly for Twitter, so I'm certain it isn't the plaintext-to-encrypted process.
    Also, I've tried using unencoded &'s in between each parameter. Finally, I also tried using %26 in between each parameter (including the GET and url, and url and the first parameter).

    Anything missing or wrong in this header?
  • QUOTE (Will @ Feb 4 2010, 05:37 PM)

    Hi Will,

    It looks like your Base String is not correctly built.
    When you build the string with all the parameters, you need to ensure the values are url-encoded. From above, you have:
    %26url%3Dhttp%3A%2F%2Fgoogle.com
    whereas it should be
    %26url%3Dhttp%253A%252F%252Fgoogle.com

    You need to build it up as param1=<urlencoded value1>&param2=<urlencoded value 2> etc
    and then url-encode the whole string (as you have done above).

    Chris
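
Added example, not part of the original thread: a Python construction of the signature base string using the two encoding passes described in the reply above, signed with the `<consumer secret>&<token secret>` key. The key, secrets, nonce and token are constructed placeholders, and decoding the received token once before signing is an assumption about how the token was obtained.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote


def pct(value: str) -> str:
    """OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(value, safe="-._~")


def base_string(method: str, url: str, params: dict) -> str:
    """Signature base string: METHOD & enc(url) & enc(sorted 'k=v' pairs)."""
    # First pass: encode every name and value, then sort and join with '&'.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # Second pass: encode the URL and the whole parameter string once more.
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(base: str, consumer_secret: str, token_secret: str) -> str:
    """HMAC-SHA1 keyed with '<consumer secret>&<token secret>', base64 output."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


# Constructed sample values; none of these are real credentials.
TOKEN_AS_RECEIVED = "A%3DexampleTokenValue-"  # assumed to arrive percent-encoded
PARAMS = {
    "description": "Test",
    "oauth_consumer_key": "example-consumer-key",
    "oauth_nonce": "0123456789abcdef",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1265328235",
    "oauth_token": unquote(TOKEN_AS_RECEIVED),  # decode once to the raw "A=..."
    "oauth_version": "1.0",
    "url": "http://google.com",
}

BASE = base_string("GET", "http://api.del.icio.us/v2/posts/add", PARAMS)
SIGNATURE = sign(BASE, "example-consumer-secret", "example-token-secret")

if __name__ == "__main__":
    print(BASE)
    print(SIGNATURE)
```
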
  • QUOTE (Chris D @ Feb 5 2010, 08:37 AM)
    Hi Will,

    It looks like your Base String is not correctly built.
    When you build the string with all the parameters, you need to ensure the values are url-encoded. From above, you have:
    %26url%3Dhttp%3A%2F%2Fgoogle.com
    whereas it should be
    %26url%3Dhttp%253A%252F%252Fgoogle.com

    You need to build it up as param1=<urlencoded value1>&param2=<urlencoded value 2> etc
    and then url-encode the whole string (as you have done above).

    Chris


    OK, I fixed that problem. Thanks for the quick reply. I still get invalid signature. I've played around a bit with different settings and can't get anything to work yet.

    Hopefully you can help. Here's the new signature I make (before HMAC-SHA1):
    CODE
    GET
    &http%3A%2F%2Fapi.del.icio.us%2Fv2%2Fposts%2Fadd
    &description%3Dt
    %26oauth_callback%3Doob
    %26oauth_consumer_key%3D{removed}
    %26oauth_nonce%3De2a50fc6562f7760239556bbc8fbc7fec871ad69
    %26oauth_signature_method%3DHMAC-SHA1
    %26oauth_timestamp%3D1265413180
    %26oauth_token%3DA%253DdE7Gj_zAozykUQMG3NjutS_qe6tjpk.Z5.42gZK4HQv2yk3E.GAt_H.dSoevFBNWMuf2loifyMHc
    AB00zugEEh8Thk.jJAL1N7ZZDAax7ToBgi.gYjK0vUaLEaAdic.hejEUwmdi6QTdo6xv.e0FjRjXOMD.N
    CTwssYohGtsyNAbab3I2lCLAJOV8m8Wt22HplZUs0zbfe2vSeAhxqwUuZATp9F.OEhP7ZgCCWq8X4DFTz
    rKUEu9vl3lrl4feGfqYWz0BcePfoHrFy3iiVPNxfQDiSjvqIhsFOxAlM7FyuWv2i9NZWIFUverGFKtK9A
    WdAywFQ6i8wsOPuEmflw1eSU3Mbq13clmHqY6_wGztWLw..PeBiTbImGd9fzyCZJV_60p0n49RFh8x5eD
    hStswKj9piEtkMgqcT8Ou9Zk1NBiLRyoa98gCiphbxoE4qr3PrJ1YsnBAsZ9v5ZXe5gy27ORGP2DIU_Mr
    seUEFhFmdwKF22mhdcZpmLfbIBTKpqv6RxaaENPry7j3oct0Np5wyDf5CBWS1_arLu2ihtfSD2D2UqUBU
    1IQLEjzW6WGAYWqTxxk104fc2JCptTgatHfQV7FWuzePUnwR1oX8ZjcAfuVOlJPwFjWsvcEc1aCEuatbf
    EfvfdxILBZEkDNvXSHo6YG8lmliWGJtBhgFw4XR.oLR5PoQTLxAGHFwHD_GdhKQOz0i2L_mUTXVYTA.vQ
    .7Rp2kQ4RUJX9_in5ymUQ39OgviQzMU-
    %26oauth_version%3D1.0%26url%3Dhttp%253A%252F%252Fgoogle.com


    As you can see, I fixed the encoding problem you pointed out.
    When I sign with HMAC, I use "<consumer secret>&<token secret>".
    Then I build the URL string before the actual request. Using the standard GET format:
    <request_url>?<param name>=<urlencoded param value>&<param name2>=<urlencoded param value2>&.....

    So here's a sample of my url:
    CODE
    http://api.del.icio.us/v2/posts/add
    ?oauth_token=A%3DdE7Gj_zAozykUQMG3NjutS_qe6tjpk.Z5.42gZK4HQv2yk3E.GAt_H.dSoevFBNWMuf2loifyMHcAB
    00zugEEh8Thk.jJAL1N7ZZDAax7ToBgi.gYjK0vUaLEaAdic.hejEUwmdi6QTdo6xv.e0FjRjXOMD.NCT
    wssYohGtsyNAbab3I2lCLAJOV8m8Wt22HplZUs0zbfe2vSeAhxqwUuZATp9F.OEhP7ZgCCWq8X4DFTzrK
    UEu9vl3lrl4feGfqYWz0BcePfoHrFy3iiVPNxfQDiSjvqIhsFOxAlM7FyuWv2i9NZWIFUverGFKtK9AWd
    AywFQ6i8wsOPuEmflw1eSU3Mbq13clmHqY6_wGztWLw..PeBiTbImGd9fzyCZJV_60p0n49RFh8x5eDhS
    tswKj9piEtkMgqcT8Ou9Zk1NBiLRyoa98gCiphbxoE4qr3PrJ1YsnBAsZ9v5ZXe5gy27ORGP2DIU_Mrse
    UEFhFmdwKF22mhdcZpmLfbIBTKpqv6RxaaENPry7j3oct0Np5wyDf5CBWS1_arLu2ihtfSD2D2UqUBU1I
    QLEjzW6WGAYWqTxxk104fc2JCptTgatHfQV7FWuzePUnwR1oX8ZjcAfuVOlJPwFjWsvcEc1aCEuatbfEf
    vfdxILBZEkDNvXSHo6YG8lmliWGJtBhgFw4XR.oLR5PoQTLxAGHFwHD_GdhKQOz0i2L_mUTXVYTA.vQ.7
    Rp2kQ4RUJX9_in5ymUQ39OgviQzMU-
    &oauth_consumer_key={removed}
    &oauth_signature_method=HMAC-SHA1
    &oauth_version=1.0
    &oauth_timestamp=1265413180
    &oauth_nonce=e2a50fc6562f7760239556bbc8fbc7fec871ad69
    &description=t
    &url=http%3A%2F%2Fgoogle.com
    &oauth_signature=7dQujlY9V4RXE9wCbF4PTmP3gYc=


    Any ideas why that is getting invalid signature? Thanks!
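
Added example, not part of the original thread: when a provider answers "invalid signature", one useful check is whether the parameters covered by the base string are exactly the ones sent in the request. The helper names are hypothetical, and the sample base string and URL are constructed to mirror the shape of the ones posted above, where `oauth_callback` appears in the base string but not in the request URL.

```python
from urllib.parse import parse_qsl, unquote, urlsplit


def signed_params(base_string: str) -> dict:
    """Recover the name/value pairs covered by a signature base string."""
    _method, _enc_url, enc_params = base_string.split("&", 2)
    normalized = unquote(enc_params)  # undo the outer encoding pass
    pairs = (item.split("=", 1) for item in normalized.split("&") if item)
    return {unquote(k): unquote(v) for k, v in pairs}  # undo the per-value pass


def sent_params(request_url: str) -> dict:
    """Parameters carried in the query string, minus the signature itself."""
    query = urlsplit(request_url).query
    params = dict(parse_qsl(query, keep_blank_values=True))
    params.pop("oauth_signature", None)  # never part of the base string
    return params


def diff_signed_vs_sent(base_string: str, request_url: str) -> dict:
    """Report names and values that differ between what was signed and sent."""
    signed, sent = signed_params(base_string), sent_params(request_url)
    common = signed.keys() & sent.keys()
    return {
        "signed_not_sent": sorted(signed.keys() - sent.keys()),
        "sent_not_signed": sorted(sent.keys() - signed.keys()),
        "value_mismatch": sorted(k for k in common if signed[k] != sent[k]),
    }


# Constructed sample with placeholder key, nonce, token and signature.
SAMPLE_BASE = (
    "GET&http%3A%2F%2Fapi.del.icio.us%2Fv2%2Fposts%2Fadd"
    "&description%3Dt%26oauth_callback%3Doob"
    "%26oauth_consumer_key%3Dexample-key%26oauth_nonce%3Dabc123"
    "%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1265413180"
    "%26oauth_token%3DA%253DexampleToken-"
    "%26oauth_version%3D1.0%26url%3Dhttp%253A%252F%252Fgoogle.com"
)
SAMPLE_URL = (
    "http://api.del.icio.us/v2/posts/add?oauth_token=A%3DexampleToken-"
    "&oauth_consumer_key=example-key&oauth_signature_method=HMAC-SHA1"
    "&oauth_version=1.0&oauth_timestamp=1265413180&oauth_nonce=abc123"
    "&description=t&url=http%3A%2F%2Fgoogle.com"
    "&oauth_signature=constructedSignature%3D"
)
RESULT = diff_signed_vs_sent(SAMPLE_BASE, SAMPLE_URL)
```
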
  • Hey Will,

    Not quite sure, but you might want to take a look at this: http://delicious.com/help/oauthapi
    Apologies for the formatting, but it might help.

    The other thing to try is to hit an api that doesn't require any parameters, since this is usually where the problems creep in.

    Sorry I can't offer any more advice.
    Chris
  • Did you finally get this to work? I too am going to be writing a web app that integrates with delicious and it seems a lot of people are having problems with Yahoo and OAuth for Delicious.

    Cheers,

    Rom

    QUOTE (Will @ Feb 5 2010, 03:57 PM)