0

oauth_problem=signature_invalid for get request token

I want get auth_token by using HMAC-SHA1, but oauth_problem=signature_invalid.(However, I can get auth_token by using PLAINTEXT)
This is my request. It's success.(with PLAINTEXT)
CODEBOX
String requestPath = "https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_consumer_key="
+ Consumer_Key
+ "&oauth_nonce=abcde" +
"&oauth_signature_method=PLAINTEXT" +
"&oauth_signature="
+ Consumer_Secret
+ "%26&oauth_timestamp=" + timestamp +
"&oauth_version=1.0" +
"&xoauth_lang_pref=en-us" +
"&oauth_callback=oob";
HttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet(requestPath);

ResponseHandler<String> responseHandler = new BasicResponseHandler();
String responseBody = httpclient.execute(httpget, responseHandler);

It's fail and.(with HMAC-SHA1)
CODEBOX
String param = "oauth_consumer_key=" + URLEncoder.encode(Consumer_Key,"utf8")+
"&oauth_nonce=" + URLEncoder.encode("abcde","utf8")+
"&oauth_signature_method=" + URLEncoder.encode("HMAC-SHA1","utf8")+
"&oauth_timestamp=" + timestamp +
"&oauth_version=" + URLEncoder.encode("1.0","utf8")+
"&xoauth_lang_pref=" + URLEncoder.encode("en-us","utf8")+
"&oauth_callback=" + URLEncoder.encode("oob","utf8");

String url = "https://api.login.yahoo.com/oauth/v2/get_request_token";

String BaseText = "GET&" + URLEncoder.encode(url,"utf8") + "&" + URLEncoder.encode(param,"utf8");

String KeyText = Consumer_Secret + "&";

String sha = HMACSHA1.getHashingCode(BaseText, KeyText);

String sh = URLEncoder.encode(sha,"utf8");

String requestSha = "https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_consumer_key="
+ Consumer_Key
+ "&oauth_nonce=abcde" +
"&oauth_signature_method=HMAC-SHA1" +
"&oauth_signature=" + sh
+ "&oauth_timestamp=" + timestamp +
"&oauth_version=1.0" +
"&xoauth_lang_pref=en-us" +
"&oauth_callback=oob";

HttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet(requestSha);


ResponseHandler<String> responseHandler = new BasicResponseHandler();
String responseBody = httpclient.execute(httpget, responseHandler);


Please kindly help this. May I miss something and give me ideas? Thanks a lot!

by
5 Replies
  • Hi Raven,

    Can you please provide the detailed HTTP request and responses
    so we can check them from our end?

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0
  • Hi Yu Wang
    Thanks for your reply. This is detail of request and response:
    Request:
    CODEBOX
    GET https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_consumer_key=dj0yJmk9aXlUc1VxaGJlWnVIJmQ9WVdrOVpVTkRPVVJ1TkRRbWNHbzlNekV6T
    1RVMk5qSS0mcz1jb25zdW1lcnNlY3JldCZ4PTYw&oauth_nonce=abcde&oauth_signature_method=HMAC-SHA1&oauth_signature=QYc4O%2FzUsCxxuMNmECjX%2BRIcaSo%3D&oauth_timestamp=1285756249&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=oob HTTP/1.1

    Response:
    CODEBOX
    HTTP/1.1 401 Forbidden


    This information is enough for you help solve this problem? Thanks a lot.

    QUOTE (omiga @ Sep 27 2010, 10:09 PM) <{POST_SNAPBACK}>
    Hi Raven,

    Can you please provide the detailed HTTP request and responses
    so we can check them from our end?

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0
  • Hi Raven,

    Can you please try with PLAINTEXT signature? Usually it
    is much easier to start with that without degrading security
    because the request to Yahoo! OAuth server should always
    be over HTTPS.

    I'll also check why your request failed in the first place.

    Thanks,
    Yu Wang
    0
  • Hi Yu Wang
    Thanks for your reply. For getting token, I can pass request to Yahoo successful by using PLAINTEXT. But HMAC-SHA1 is fail. However, I want to get contact list by using Yahoo API. In final step of calling Yahoo API, I need to send the request with HMAC-SHA1. It always show 403 error message. I'm suppose that something wrong when I pass request with HMAC-SHA1. I tried to get request token with HMAC-SHA1. I think that getting request token successful with HMAC-SHA1, calling API should be ok. But HMAC-SHA1 still fail whether taking token or calling API.
    QUOTE (omiga @ Oct 1 2010, 01:31 PM) <{POST_SNAPBACK}>
    Hi Raven,

    Can you please try with PLAINTEXT signature? Usually it
    is much easier to start with that without degrading security
    because the request to Yahoo! OAuth server should always
    be over HTTPS.

    I'll also check why your request failed in the first place.

    Thanks,
    Yu Wang
    0
  • Hi Raven,

    I have tried with the following request and it works

    https://api.login.yahoo.com/oauth/v2/get_re...rUYDnO%2BjN4%3D

    Follwing is the Signature Base String for the above request:

    GET&https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Fget_request_token&oauth_callback%3Doob%26oauth_consumer_key%3Ddj0yJmk9aXlUc1VxaGJlWnVIJmQ9WVdrOVpVTkRPVVJ1TkRRbWNHbzlNekV6T1RVMk5qSS0mcz1jb2
    5zdW1lcnNlY3JldCZ4PTYw%26oauth_nonce%3Dabcde%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1286474651%26oauth_version%3D1.0%26xoauth_lang_pref%3Den-us

    Following is the signature (before URL encoding):
    Y/sGjDbwsWUCKSa+prUYDnO+jN4=

    Can you please check if you can get the same?

    Thanks,
    Yu Wang
    0

Recent Posts

in OAuth General Discussion YDN SDKs