bedlam

Reputation: 357

PHP OAuthProvider library -- invalid_signature, OAuth Flow... just confused

I'm trying to use the OAuthProvider library from PHP.net and of course, it's not documented. I've followed Rasmus' tutorial and I've followed djpate.com's tutorial and neither of them works for me. Rasmus doesn't link to any source, and the source he does link to for examples is confusing and of course, doesn't work when run.

I seem to always get a "signatures do not match" error which I don't understand really, because I've followed the tutorials to a T.

What's the flow supposed to be anyway?

  1. Create consumer key/secret. Check.
  2. Get the access token? I get errors -- Where does the signature come from?
  3. Get the request token? I get error

I'm trying to create an OAuthProvider so that I can create 1 consumer account that can call my API remotely and it seems like this is very poorly documented for a beginner... in PHP land anyway.

If anyone has any working OAuthProvider libraries or can explain this to me in more detail I would greatly appreciate it.

Thanks in advance.

Upvotes: 2

Views: 1113

Answers (2)

Nielsvh

Reputation: 1219

http://oauth.net/core/1.0a/ tells you the basic flow.

  1. A consumer gets a consumer key and secret.
  2. The consumer gets a request token.
  3. The consumer redirects the user to the provider's authentication endpoint.
  4. The user signs the request token (or doesn't).
  5. The consumer swaps an authentication token for their signed request token.
  6. The consumer uses their authentication token to access protected information.

http://oauth.net/core/1.0a/#signing_process describes how a request is signed.

"The signature process encodes the Consumer Secret and Token Secret into a verifiable value which is included with the request."

If you are using the PECL oauth/OAuthProvider code, the signature is automatically generated on both sides for you (undocumented but true). You can check to see what the signature is by putting the following in the OAuthException catch section in the provider:

catch (OAuthException $E) 
{
    // Dump the provider object (its fields include the signature and any
    // secrets set on it) to the error log; use while debugging only.
    error_log(print_r($this->provider, true));
    echo OAuthProvider::reportProblem($E);
    $this->oauth_error = true;
}

and the following in your OAuth consumer OAuthException catch section:

catch(OAuthException $E)
{
    // Dump the consumer's OAuth object so it can be compared with the provider's log.
    error_log(print_r($oauth, true));
    echo $E->getMessage();
}

In this way you can check your error logs to find out what the signatures are and whether they do in fact not match.

Upvotes: 2

dminer

Reputation: 1141

I am having a similar error. This seems to be caused, in my case, by a signature mismatch in http vs https URL.

I would check if you are getting re-directed between http and https.

Upvotes: 0
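
An added example (not part of either answer and not the PECL extension's own code): HMAC-SHA1 signing per OAuth Core 1.0a section 9 in plain PHP, showing that the signature covers the URL scheme, so a provider that sees http where the consumer signed https computes a different value. Function names, keys, secrets, nonce and URLs are constructed for illustration, and any query-string parameters are assumed to be passed in `$params`.

```php
<?php
// Added example; every key, secret, nonce and URL here is a constructed sample value.

// Core 1.0a 9.1.2: lowercase scheme/host, drop default ports and the query string.
function normalize_url(string $url): string {
    $p = parse_url($url);
    $scheme = strtolower($p['scheme']);
    $default = ['http' => 80, 'https' => 443];
    $port = isset($p['port']) && $p['port'] !== ($default[$scheme] ?? null)
        ? ':' . $p['port'] : '';
    return $scheme . '://' . strtolower($p['host']) . $port . ($p['path'] ?? '/');
}

// Core 1.0a 9.1: METHOD & normalized URL & sorted parameters, each percent-encoded.
function signature_base_string(string $method, string $url, array $params): string {
    unset($params['oauth_signature']);   // the signature is never part of its own input
    $enc = [];
    foreach ($params as $k => $v) {
        $enc[rawurlencode($k)] = rawurlencode($v);
    }
    ksort($enc, SORT_STRING);            // byte-order sort by parameter name
    $pairs = array_map(fn($k, $v) => "$k=$v", array_keys($enc), $enc);
    return strtoupper($method) . '&' . rawurlencode(normalize_url($url))
        . '&' . rawurlencode(implode('&', $pairs));
}

// Core 1.0a 9.2: HMAC-SHA1 keyed with "consumer_secret&token_secret"
// (the token secret is empty while asking for the request token).
function sign(string $base, string $consumerSecret, string $tokenSecret = ''): string {
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

$params = [
    'oauth_consumer_key' => 'sample-consumer-key', 'oauth_callback' => 'oob',
    'oauth_nonce' => 'constructed-nonce-1', 'oauth_timestamp' => '1300000000',
    'oauth_signature_method' => 'HMAC-SHA1', 'oauth_version' => '1.0',
];
$secret = 'sample-consumer-secret';
$clientUrl = 'https://API.example.com:443/oauth/request_token';
$clientSig = sign(signature_base_string('POST', $clientUrl, $params), $secret);

// The provider rebuilds the base string from the URL it believes was requested.
foreach (['https://api.example.com/oauth/request_token',
          'http://api.example.com/oauth/request_token'] as $seenUrl) {
    $base = signature_base_string('POST', $seenUrl, $params);
    $ok = hash_equals(sign($base, $secret), $clientSig);   // constant-time compare
    printf("%s\n  base: %s\n  signature %s\n", $seenUrl, $base, $ok ? 'matches' : 'does not match');
}
```

The base string contains no secret, so logging it on both sides is a narrower way to find which component differs than dumping the whole provider or consumer object.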
