Coldfusion, The oauth_signature is invalid

Question

I'm trying to obtain credentials from ning network using Coldfusion 9, so first this is the curl syntax to test the api :

curl -k https://external.ningapis.com/xn/rest/mbdevsite/1.0/Token?xn_pretty=true -u devshare@megabase.tn:mbdev2011 -d "oauth_signature_method=PLAINTEXT&
oauth_consumer_key=741ab68b-63fb-4949-891c-9e88f5143034&oauth_signature=36da2ea8
-10fb-48cc-aaa4-c17c551c6b87%26"

and it returns :

{
  "success" : true,
  "entry" : {
    "author" : "1o0butfek0b3p",
    "oauthConsumerKey" : "741ab68b-63fb-4949-891c-9e88f5143034",
    "oauthToken" : "46f1e137-549a-4d9d-ae05-62782debfd3d",
    "oauthTokenSecret" : "9f778ab5-db8e-4f3e-b17f-61d249b91f0a"
  },
  "resources" : {
  }

then i translated it to coldfusion like this :

<cfhttp  
        method="post"  
        url="https://external.ningapis.com/xn/rest/mbdevsite/1.0/Token"
        username="devshare@megabase.tn"
        password="mbdev2011"> 
    <cfhttpparam type="header" name="content-type" value="application/x-www-form-urlencoded">
    <cfhttpparam name="oauth_signature_method" type="FormField" value="PLAINTEXT"/> 
    <cfhttpparam name="oauth_consumer_key" type="FormField" value="741ab68b-63fb-4949-891c-9e88f5143034"/>
    <cfhttpparam name="oauth_signature" type="FormField" value="36da2ea8-10fb-48cc-aaa4-c17c551c6b87%26"/>  
</cfhttp> 


<cfoutput> 
    #cfhttp.fileContent#
</cfoutput> 

and the response is always :

{"success":false,"reason":"The oauth_signature is invalid. That is, it doesn't match the signature computed by the Service Provider.","status":401,"code":1,"subcode":12,"trace":"3d874587-072b-4877-b27e-b84ee2e2b537"} 

does somebody have idea about what could be this error ??

url and login info are real for who wants to help by testing

Thank you..

Answer 1

Don't disclose your username & password in public forums. Better you change this user name & password after this issue completion :)

Your oauth_signature is 36da2ea8-10fb-48cc-aaa4-c17c551c6b87& not "36da2ea8-10fb-48cc-aaa4-c17c551c6b87%26"

I got the success response & it is working perfectly.

<cfhttp  
            method="post"  
            url="https://external.ningapis.com/xn/rest/mbdevsite/1.0/Token"
            username="devshare@megabase.tn"
            password="mbdev2011"> 
        <cfhttpparam type="header" name="content-type" value="application/x-www-form-urlencoded">
        <cfhttpparam name="oauth_signature_method" type="FormField" value="PLAINTEXT"/> 
        <cfhttpparam name="oauth_consumer_key" type="FormField" value="741ab68b-63fb-4949-891c-9e88f5143034"/>
        <cfhttpparam name="oauth_signature" type="FormField" value="36da2ea8-10fb-48cc-aaa4-c17c551c6b87&"/>  
    </cfhttp> 

Answer 2

Any specific reason why you're using cURL instead of cfhttp? There's a nice library on RIAForge: OAuth that will help you with dealing with OAuth. The issue is probably with the parameters encoding.

Oh - and you shouldn't be posting your OAuth credentials.

---

UPDATE:

I'm afraid using OAuth isn't as simple as just calling cfhttp with params. The parameters need to be in certain order, you need to sign the whole request using appropriate method (plain text in your case). The signing process also includes time stamp so you can't test your code with the values from the example as they definitely won't work.

If you download the RIAForge libraries there's an "\examples_external" folder there and twitter.cfm - you'll find all that I've mentioned there.

A bit of code from there to show what I mean:

<!--- Create empty token --->
<cfset oReq = CreateObject("component", "oauth.oauthrequest").fromConsumerAndToken(
    oConsumer = oConsumer,
    oToken = oToken,
    sHttpMethod = "GET",
    sHttpURL = sTokenEndpoint,stparameters= Parameters )>

<!--- Sign the request --->
<cfset oReq.signRequest(
    oSignatureMethod = oReqSigMethodSHA,
    oConsumer = oConsumer,
    oToken = oToken)>

<!--- Get the request token --->
<cfhttp url="#oREQ.getString()#" method="get" result="tokenResponse"/>

Of course there's lots of bits missing before and after it.

Answer 3

You might check out Ben Nadel's blog post on OAuth. He covers some of the things you may be running into.