Oauth 1.0 Signature - Signature mismatch. Authorization signature or client credential is wrong

Question

Here is my Signature Base String:

POST&https%3A%2F%2Faccount.api.here.com%2Foauth2%2Ftoken&grant_type%3Dclient_credentials%26oauth_consumer_key%3Dkey%26oauth_nonce%3D123456%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1585591059%26oauth_version%3D1.0

Here is my signature: kCGgrwFgEi85njS5WOeM88t0L70V99StMjxTXzYQEiI

Here is my Authorization Header OAuth oauth_consumer_key="key",oauth_nonce="123456",oauth_timestamp="1585590864",oauth_signature_method="HMAC-SHA256",oauth_version="1.0",oauth_signature="kCGgrwFgEi85njS5WOeM88t0L70V99StMjxTXzYQEiI"

Here is the error: {"errorId":"ERROR-f2dd0dcd-73e8-48e8-ae07-9d772e1b7399","httpStatus":401,"errorCode":401300,"message":"Signature mismatch. Authorization signature or client credential is wrong.","error":"invalid_client","error_description":"errorCode: '401300'. Signature mismatch. Authorization signature or client credential is wrong."}

James

Answer 1

The reason for signature mismatch is that the one you created is different than the one server created. Check the following –

• Did you append ‘&’ at the end of access key secret to create signing key
• Did you convert the signing key and base string into bytes before passing it to HMAC-SHA256 hashing algorithm
• Did you convert the output of HMAC-SHA256 hashing algorithm into base64 string

Regarding error code, you can refer this - https://developer.here.com/documentation/authentication/dev_guide/topics/error-messages.html