CODEWITHSUNDEEP
php
Lennie
Lennie

Reputation: 2069

Calculate HMAC-SHA1 Signature

I got the code below in PHP but getting a error from my server that am not authorised so am prob doing something wrong in calculation of the $signature for the oauth_signature field.

Am not setting any HTTP headers.

        include_once "oauth-php/library/OAuthStore.php";
        include_once "oauth-php/library/OAuthRequester.php";

        $key = 'xx'; // this is your consumer key
        $secret = 'xx'; // this is your secret key
        $req_url = "http://www.sample.com"; 

        $options = array( 'consumer_key' => $key, 'consumer_secret' => $secret);

    OAuthStore::instance("2Leg", $options );

    $method = "POST";

$params = array( 'oauth_consumer_key' => $key, 'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => time(), 'oauth_nonce' => time(), 'user_id' => '1234' );

    $post_string = ''; 
foreach($params as $key => $value) {
        $post_string .= $key.'='.($value).'&'; 
} 
$post_string = rtrim($post_string, '&'); 
$base_string = urlencodeRFC3986($post_string); 
$signature = base64_encode(hash_hmac('sha1', $base_string, $secret, true));

$params['oauth_signature'] = $signature;
try {
            $request = new OAuthRequester($req_url, $method, $params);

            $result = $request->doRequest();
            var_dump($result); 
} 
catch(OAuthException2 $e)
{   
var_dump($e); 
}

function urlencodeRFC3986($string) 
{    
return str_replace('%7E', '~', rawurlencode($string)); 
}

Upvotes: 2

Views: 4282

Answers (1)

Mr. Llama
Mr. Llama

Reputation: 20889

A few things:

1) Don't set 'oauth_signature_method' as array('HMAC-SHA1'). Just use 'HMAC-SHA1' or else you'll end up with oauth_signature_method=Array in your post string.

2) Don't include oauth_signature in the param list until after you've calculated the signature. See this question for more details: https://stackoverflow.com/questions/9986533/what-does-oauth-signature-sign

You should end up with something like:

$params = array(
                'oauth_consumer_key' => $key, 
                'oauth_signature_method' =>  'HMAC-SHA1',
                'oauth_timestamp' => time(),
                'oauth_nonce' => time(),
                'user_id' => '1234'
                );

$post_string = '';
foreach($content as $key => $value)
{
    $post_string .= $key.'='.($value).'&';
}
$post_string = rtrim($post_string, '&');

$base_string = urlencodeRFC3986($post_string);

$signature = base64_encode(hash_hmac('sha1', $base_string, $secret, true));

$params['oauth_signature'] = $signature;

Upvotes: 1

Related Questions