CODEWITHSUNDEEP
phpoauth
soren.qvist
soren.qvist

Reputation: 7416

PHP Oauth building the signature key?

I'm trying to build a valid signature key (I'm using the HMAC-SHA1 method), so far this is still invalid(i'm using an online test server at http://term.ie/oauth/example/client.php):

    function _build_signature_hmac($base_url, $params, $consumer_key, $token_secret = '')
    {
        // Setup base-signature data
        $data = 'POST&' . $base_url . '&';

        // Sort the params array keys first
        ksort($params);

        // Attach params string
        $data .= rawurlencode(http_build_query($params));

        // Build the signature key
        $key = rawurlencode($consumer_key) . '&' . rawurlencode($token_secret);

        return base64_encode(hash_hmac('sha1', $data, $key));
    }

Since this is a request for an unauthorized token, the $token_secret string is empty. The returned signature looks like this:

POST&http://term.ie/oauth/example/request_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D0uPOn3pPUbPlzWx2cO6citRPafIni5%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1298745681%26oauth_version%3D1.0

And the $key looks like this: secret&

The keys/secrets are all correct and I'm getting a response from the server saying 'invalid signature'. Am I building it the right way?

Upvotes: 0

Views: 2784

Answers (1)

Brandon Frohbieter
Brandon Frohbieter

Reputation: 18139

The method from the implementation I am using....

 public function build_signature($request, $consumer, $token) {
    $base_string = $request->get_signature_base_string();
    $request->base_string = $base_string;

    $key_parts = array(
      $consumer->secret,
      ($token) ? $token->secret : ""
    );

    $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
    $key = implode('&', $key_parts);

    return base64_encode(hash_hmac('sha1', $base_string, $key, true));
  }



 public static function urlencode_rfc3986($input) {
  if (is_array($input)) {
    return array_map(array('OAuthUtil', 'urlencode_rfc3986'), $input);
  } else if (is_scalar($input)) {
    return str_replace(
      '+',
      ' ',
      str_replace('%7E', '~', rawurlencode($input))
    );
  } else {
    return '';
  }

If it helps at all...

Upvotes: 1

Related Questions