Rae

Reputation: 342

Magento REST API signature invalid

Via the Magento OAuth API I have managed to obtain an access_token and access_token_secret. The call to acquire these requires a valid signature. Since I'm using the plainOAuth library and I'm able to sign the authorize request validly, I suspect the library is not the issue.

Issue: Once I'm making a REST call "test.magentohost.com/api/rest/products" using the tokens and consumer tokens, I get the response invalid signature. The sig is signed using consumer/access token secret via the library and (I think) all params are in the header. I hope anyone can see a mistake in my header, it's driving me nuts!

This is my "Authorization" header.

oauth_realm="", 
oauth_timestamp="1340011522", 
oauth_nonce="ff5c167677069d9770d5cfc1dba12e0fc1d924f9", 
oauth_signature_method="HMAC-SHA1",
oauth_consumer_key="ic88q1nq0iitd9tmowz6bs3dzg2d07ng", 
oauth_version="1.0", 
oauth_token="uye05e0pb0f8dap1ovglecxoq6ziee35",
oauth_signature="G%2Frl7S%2Bw57pjCk8xk1DMpOLkjxI%3D"

Upvotes: 2

Views: 4225

Answers (2)

VelikiiNehochuha

Reputation: 4373

I had this issue and I got a working version after following these steps. But first, an example request token signature:

POST&http%3A%2F%2Fmagento.test.com%2Foauth%2Ftoken%2Frequest%2F&oauth_consumer_key%3Duaa3romggcur5yrjjm85ydiunfxfyuxx%26oauth_nonce%3D1479663271%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1479663271%26oauth_version%3D1.0
  • Take note that between the method, the URL and the other params, they use & without applying urlencode. This is to split the arguments from the params, I think.
  • During the request token step we should not put oauth_token into the params.
  • All parameters must be sorted in alphabetical order and the characters must be escaped with a function like urlencode:

    this

    http%3A%2F%2Fmagento.test.com%2Foauth%2Ftoken%2Frequest%2F

    instead of this:

    http://magento.test.com/oauth/token/request

    and this

    oauth_consumer_key%3Duaa3romggcur5yrjjm85ydiunfxfyuxx%26oauth_nonce%3D1479663271%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1479663271%26oauth_version%3D1.0

    instead of this

    oauth_consumer_key=uaa3romggcur5yrjjm85ydiunfxfyuxx&oauth_nonce=1479663271&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1479663271&oauth_version=1.0

Upvotes: 1

Miha Trtnik

Reputation: 236

I think there is a bug inside Magento Core. I just filed a bug report here: http://www.magentocommerce.com/bug-tracking/issue?issue=14307 (unfortunately you have to be logged in to the Magento site to see it).

Basically they include the client's signature in calculating the server signature and then compare both of them, which always fails.

Please let me know how you solved this?

Upvotes: 1
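The signing rules listed in the first answer and the server-side comparison the second answer describes, as an added Python example following RFC 5849 (not code from the plainOAuth library or from Magento). The secrets are constructed placeholders and the URL is assumed to carry no query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    """RFC 5849 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="")


def signature_base_string(method, url, params):
    # oauth_signature and realm are never part of the signed data, so a
    # verifier must drop the client's signature before recomputing its own.
    signed = sorted((pct(k), pct(v)) for k, v in params.items()
                    if k not in ("oauth_signature", "realm"))
    normalized = "&".join(f"{k}={v}" for k, v in signed)
    # The three parts are encoded individually, then joined with a raw '&'.
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign_hmac_sha1(base_string, consumer_secret, token_secret=""):
    # Key is "consumer_secret&token_secret"; the token secret is empty
    # while asking for a request token.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify(method, url, params, consumer_secret, token_secret=""):
    """Server side: recompute from the received params, compare in constant time."""
    base = signature_base_string(method, url, params)
    expected = sign_hmac_sha1(base, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))


if __name__ == "__main__":
    # Parameter values from the first answer; the secret is constructed.
    request = {
        "oauth_consumer_key": "uaa3romggcur5yrjjm85ydiunfxfyuxx",
        "oauth_nonce": "1479663271",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1479663271",
        "oauth_version": "1.0",
    }
    url = "http://magento.test.com/oauth/token/request/"
    base = signature_base_string("POST", url, request)
    request["oauth_signature"] = sign_hmac_sha1(base, "constructed-consumer-secret")
    print(base)
    print(verify("POST", url, request, "constructed-consumer-secret"))
```

The value placed in the Authorization header is the percent-encoded form of the signature, which is why the header in the question shows `%2F` and `%3D` inside `oauth_signature`.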
