DaVinci007
Reputation: 83
oauth signature Invalid - Smugmug - PHP - cURL
I am getting OAUTH signature invalid error. Can someone please check what am I doing wrong. Below is my PHP Code, I ran through lot of docs and auth bible website too but below code is not working ! please help !!! I have removed my key and secret for security reasons.
=============================================================
$host = "https://secure.smugmug.com/services/oauth/1.0a/getRequestToken?";
$path = "";
$request_method = "GET";
$consumer_key = "mykey";
$consumer_secret = "mysecret";
//collect the data (as an associative array)
$oauth_data = array(
'oauth_consumer_key' => $consumer_key,
'oauth_nonce' => (string)mt_rand(), // a stronger nonce is recommended
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => time(),
'oauth_callback' => "http://mywebsite/callback",
'oauth_version' => '1.0'
);
$arr = array();
//normalize the parameters - apply url encoding separately to each key/value pair
foreach($oauth_data AS $key => $value) {
$encoded_key = rawurlencode($key);
$encoded_val = rawurlencode($value);
$arr[$encoded_key] = $encoded_val;
}
//normalize the parameters - sort the encoded data by key
ksort($arr);
//normalize the parameters - list the data members as string in <key>=<value> format and insert "&" between each pair
// http_build_query automatically encodes, but our parameters are already encoded,
// so we urldecode to prevent double-encoding
$querystring = urldecode(http_build_query($arr, '', '&'));
//normalize the parameters - apply urlencoding to the resulting string
$encoded_query_string = rawurlencode($querystring);
$url = $host;
// mash everything together for the text to hash
$base_string = strtoupper($request_method). "&". rawurlencode($url). "&". $encoded_query_string;
$key = rawurlencode($consumer_secret)."&";
// generate the hash
$signature = rawurlencode(base64_encode(hash_hmac('sha1', $base_string, $key, true)));
$url = $host . "&" . $querystring . "&oauth_signature=" . $signature;
// Initiate curl
$ch = curl_init();
// Disable SSL verification
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Will return the response, if false it print the response
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Set the url
curl_setopt($ch, CURLOPT_URL,$url);
//curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json'));
$result=curl_exec($ch);
// Will dump a beauty json :3
print_r($result);
curl_close($ch);
Upvotes: 0
Views: 684
Answers (1)
Emilio Clemente
Reputation: 66
I don't know if you're still facing this problem, but you may want to try not encoding the base64 signature.
Change this:
// generate the hash
$signature = rawurlencode(base64_encode(hash_hmac('sha1', $base_string, $key, true)));
To this:
// generate the hash
$signature = base64_encode(hash_hmac('sha1', $base_string, $key, true));
Also, you must specify the request method
// GET (should be your case, otherwise you are going to recieve a "Invalid Method" response)
curl_setopt($ch, CURLOPT_HTTPGET, true);
// POST
curl_setopt($ch, CURLOPT_POST, true);
Be sure it matches the method you used to generate the signature.
Upvotes: 1
Related Questions
- PHP cURL OAuth v1.0
- OAuth: invalid oauth_signature
- How to resolve "Invalid signature. Expected signature base string" in OAuth 1.0
- OAuth unsupported_grant_type
- OAuth2 returns invalid_client error
- PHP Oauth Invalid signature issue
- PHP Oauth signature_invalid
- Failed to validate oauth signature and token - Issue generating OAuth Token
- PHP OAuthProvider library -- invalid_signature, OAuth Flow... just confused
- Failed to validate oauth signature and token