0

oauth_problem=signature_invalid

this is killing me ... okay:

the first part works beautifully and i able to get the request_token:

$result = $oauth->post("https://api.login.yahoo.com/oauth/v2/get_request_token", "application/x-www-form-urlencoded",
array(
'oauth_callback' => 'http://www.opengospel.com/apis/yahoo/social.php',
'oauth_consumer_key' => API_KEY,
'oauth_signature_method' => 'PLAINTEXT',
'oauth_version' => '1.0',
'oauth_verifier' => '',
'oauth_timestamp' => time(),
'oauth_nonce' => mt_rand(),
'oauth_signature' => SHARED_SECRET)
);

I then take the oauth_token_secret i get in the response and create a session variable for it:

$_SESSION['oauth_token_secret'] = $output["oauth_token_secret"];

I do this because after the user signs in on the yahoo pages, it will redirect back this this same script.

So when i come back to the script, i try to get the access_token:

$result = $oauth->post("https://api.login.yahoo.com/oauth/v2/get_token", "application/x-www-form-urlencoded",
array(
'oauth_consumer_key' => API_KEY,
'oauth_signature_method' => 'PLAINTEXT',
'oauth_version' => '1.0',
'oauth_verifier' => $_GET["oauth_verifier"],
'oauth_token' => $_GET["oauth_token"],
'oauth_timestamp' => time(),
'oauth_nonce' => mt_rand(),
'oauth_signature' => SHARED_SECRET.'&'.$_SESSION['oauth_token_secret'])
);
var_dump($result); exit;

NO MATTER WHAT I DO THE OAUTH SIGNATURE IS INVALID!!!!

Any help would be greatly appreciated. This is killing me slow!!

I've gotten the much more involved OpenID+OAuth to work just fine, but simple OAuth hates me!!

by
2 Replies
  • QUOTE (Jason @ May 7 2010, 08:31 AM) <{POST_SNAPBACK}>
    this is killing me ... okay:

    the first part works beautifully and i able to get the request_token:

    $result = $oauth->post("https://api.login.yahoo.com/oauth/v2/get_request_token", "application/x-www-form-urlencoded",
    array(
    'oauth_callback' => 'http://www.opengospel.com/apis/yahoo/social.php',
    'oauth_consumer_key' => API_KEY,
    'oauth_signature_method' => 'PLAINTEXT',
    'oauth_version' => '1.0',
    'oauth_verifier' => '',
    'oauth_timestamp' => time(),
    'oauth_nonce' => mt_rand(),
    'oauth_signature' => SHARED_SECRET)
    );


    yees, we have this problem too, anybody help!


    I then take the oauth_token_secret i get in the response and create a session variable for it:

    $_SESSION['oauth_token_secret'] = $output["oauth_token_secret"];

    I do this because after the user signs in on the yahoo pages, it will redirect back this this same script.

    So when i come back to the script, i try to get the access_token:

    $result = $oauth->post("https://api.login.yahoo.com/oauth/v2/get_token", "application/x-www-form-urlencoded",
    array(
    'oauth_consumer_key' => API_KEY,
    'oauth_signature_method' => 'PLAINTEXT',
    'oauth_version' => '1.0',
    'oauth_verifier' => $_GET["oauth_verifier"],
    'oauth_token' => $_GET["oauth_token"],
    'oauth_timestamp' => time(),
    'oauth_nonce' => mt_rand(),
    'oauth_signature' => SHARED_SECRET.'&'.$_SESSION['oauth_token_secret'])
    );
    var_dump($result); exit;

    NO MATTER WHAT I DO THE OAUTH SIGNATURE IS INVALID!!!!

    Any help would be greatly appreciated. This is killing me slow!!

    I've gotten the much more involved OpenID+OAuth to work just fine, but simple OAuth hates me!!
    0
  • Hi Jason,

    It is not clear in your code what $oauth->post() will send to the
    Yahoo! OAuth server. Can you please output the exact POST data
    you send?

    If you have access to tool such as wget (http://www.gnu.org/software/wget/)
    or curl (http://curl.haxx.se/), you can construct the post request
    manually with either of the following commands:

    wget -S -d https://api.login.yahoo.com/oauth/v2/get_request_token --post-data="oauth_version=1.0&oauth_nonce=8c76a87ffd3e4f48b53ed4b669b0b35f&oauth_timestamp=1268432350&oauth_consumer_key=dj0yJmk9TUJETmxhUG9WbDlPJmQ9WVdrOWR6Um9kRkl3TXpRbWNHbzlNV
    GszTVRBM05USXhOQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02MQ--&oauth_signature_method=PLAINTEXT&oauth_signature=821ce9362da7d3d441265e77469a1339c42097612526&oauth_callback=oob"

    curl https://api.login.yahoo.com/oauth/v2/get_request_token -d "oauth_version=1.0&oauth_nonce=8c76a87ffd3e4f48b53ed4b669b0b35f&oauth_timestamp=1268432350&oauth_consumer_key=dj0yJmk9TUJETmxhUG9WbDlPJmQ9WVdrOWR6Um9kRkl3TXpRbWNHbzlNV
    GszTVRBM05USXhOQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02MQ--&oauth_signature_method=PLAINTEXT&oauth_signature=821ce9362da7d3d441265e77469a1339c42097612526&oauth_callback=oob" -v

    By checking the actual POST you send, we can help check why it fails
    the signature check.


    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0

Recent Posts

in OAuth General Discussion YDN SDKs