anders32

Reputation: 295

Yahoo OAuth in Ruby API Request - Signature Invalid

I have already successfully gotten the access token and access secret. Now I'm trying to make an API request with the OAuth information.

I'm following alongside the Yahoo docs (not very helpful): https://developer.yahoo.com/oauth/guide/oauth-make-request.html and https://developer.yahoo.com/oauth/guide/oauth-signing.html

Also, I'm trying to follow this example closely: https://gist.github.com/cheenu/1469815

Here is the code: (I split up the long url for convenience)

    require 'cgi'
    require 'base64'
    require 'openssl'

    url = "http://fantasysports.yahooapis.com/fantasy/v2/game/nfl"
    parameters = "format=json
      &realm=yahooapis.com
      &oauth_consumer_key=#{Rails.application.secrets.yhoo_consumer_key}
      &oauth_nonce=#{SecureRandom.hex}
      &oauth_signature_method=HMAC-SHA1
      &oauth_timestamp=#{Time.now.to_i}
      &oauth_token=#{ApiVar.final_oauth_token} #the access token
      &oauth_version=1.0"

    base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters)

    oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', ApiVar.final_oauth_secret + "&", base_string)}").chomp)

    #ApiVar.final_oauth_secret is the access token secret - is that what I should be putting there?

    testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature
    p testable_url
    response = HTTParty.get(testable_url)

My response gives me "signature_invalid."

What am I doing wrong?

Thank you!

Upvotes: 1

Views: 438

Answers (2)

anders32

Reputation: 295

    url = "http://fantasysports.yahooapis.com/fantasy/v2/league/{league-key}/players"
    parameters = "format=json&oauth_consumer_key=#{Rails.application.secrets.yhoo_consumer_key}&oauth_nonce=#{SecureRandom.hex}&oauth_signature_method=HMAC-SHA1&oauth_timestamp=#{Time.now.to_i}&oauth_token=#{ApiVar.final_oauth_token}&oauth_version=1.0&realm=yahooapis.com"
    base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters)
    secret = "#{Rails.application.secrets.yhoo_consumer_secret}&#{ApiVar.final_oauth_secret}"
    oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', secret, base_string)}").chomp)
    testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature
    p testable_url
    response = HTTParty.get(testable_url)

"#{Rails.application.secrets.yhoo_consumer_secret}&#{ApiVar.final_oauth_secret}" - correct secret key

The parameters have to be ordered alphabetically! Also, the secret key is the Yahoo consumer secret plus the final OAuth secret!

Upvotes: 3
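The two points in the answer above (sorted parameters, and a signing key built from the consumer secret, an ampersand and the token secret) follow the OAuth 1.0 HMAC-SHA1 rules in RFC 5849. The sketch below is an added example, not code from either poster: the helper names (`pct`, `base_string`, `signing_key`, `sign`, `valid_signature?`) and all credential values are constructed for illustration, and it also shows the receiving side's check with a comparison that does not exit early on mismatch.

```ruby
require 'openssl'
require 'base64'

# RFC 3986 percent-encoding as OAuth 1.0 requires it: only A-Z a-z 0-9 - . _ ~
# stay literal. CGI.escape differs (a space becomes "+", not "%20").
def pct(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Signature base string: METHOD & encoded URL & encoded, sorted parameter string.
def base_string(method, url, params)
  pairs = params.map { |k, v| [pct(k), pct(v)] }.sort
  [method.upcase, pct(url), pct(pairs.map { |k, v| "#{k}=#{v}" }.join('&'))].join('&')
end

# HMAC-SHA1 key: consumer secret, "&", token secret (the "&" stays even when
# the token secret is empty).
def signing_key(consumer_secret, token_secret = '')
  "#{pct(consumer_secret)}&#{pct(token_secret)}"
end

def sign(method, url, params, consumer_secret, token_secret = '')
  digest = OpenSSL::HMAC.digest('sha1', signing_key(consumer_secret, token_secret),
                                base_string(method, url, params))
  Base64.strict_encode64(digest) # strict: no trailing newline to chomp
end

# Receiving side: recompute and compare without an early exit on mismatch.
def valid_signature?(given, method, url, params, consumer_secret, token_secret = '')
  expected = sign(method, url, params, consumer_secret, token_secret)
  return false unless given.bytesize == expected.bytesize
  given.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Constructed sample values, not real credentials.
SAMPLE_URL = 'http://fantasysports.yahooapis.com/fantasy/v2/game/nfl'
SAMPLE_PARAMS = {
  'oauth_version' => '1.0', 'format' => 'json', 'realm' => 'yahooapis.com',
  'oauth_consumer_key' => 'example-consumer-key', 'oauth_nonce' => '0123456789abcdef',
  'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1400000000',
  'oauth_token' => 'example token/with=chars'
}.freeze

if __FILE__ == $PROGRAM_NAME
  sig = sign('GET', SAMPLE_URL, SAMPLE_PARAMS, 'consumer-secret', 'token-secret')
  puts base_string('GET', SAMPLE_URL, SAMPLE_PARAMS)
  puts "#{SAMPLE_URL}?" + SAMPLE_PARAMS.merge('oauth_signature' => sig).map { |k, v| "#{pct(k)}=#{pct(v)}" }.join('&')
end
```

Because the parameters are sorted inside `base_string`, the order in which the hash is written does not affect the signature, and a key built from the token secret alone produces a different value that the check rejects.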

Ronen Botzer

Reputation: 7117

The first thing that I can see as problematic is that the parameters have a lot of whitespace that you do not want. Try the following instead:

    parameters = "format=json" +
      "&realm=yahooapis.com" +
      "&oauth_consumer_key=#{Rails.application.secrets.yhoo_consumer_key}" +
      "&oauth_nonce=#{SecureRandom.hex}" +
      "&oauth_signature_method=HMAC-SHA1" +
      "&oauth_timestamp=#{Time.now.to_i}" +
      "&oauth_token=#{ApiVar.final_oauth_token}" +
      "&oauth_version=1.0"

The other issue is that I do not believe your secret key needs the ampersand symbol added to it when you're creating the signature:

    oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', ApiVar.final_oauth_secret, base_string)}").chomp)

Upvotes: 0
