Reputation: 43
Create Signature for Flickr Authentication (Android SDK)
I want to upload pictures to Flickr with my little Android-App. So the user have to log in and accept the permissions.
My problem is, that I don't know what the parameters are to create the signature. This is written on the Flickr Website:
The base string is constructed by concatenating the HTTP verb, the request URL, and all request parameters sorted by name, using lexicograhpical byte value ordering, separated by an '&'.
What are the "request parameters"? I've tried it several times with different parameters, but got always that error: "Invalid api key or signature".
Thank you so much for your help!
Upvotes: 4
Views: 1943
Answers (1)
Reputation: 8963
Lets break it down.
You need to start with the HTTP verb. Lets say that you are doing a GET request. Part 1 of the signature base string is:
GET
Then lets say you are calling the URL http://www.example.com/api/?filename=hello.jpg. Ignore the parameter and you have part 2:
http://www.example.com/api/
Then lets say you have the following parameters, filename is from the URL above. The ones prepended with oauth_ are needed for the request to be allowed by the server.
- oauth_consumer_key=9djdj82h48djs9d2,
- oauth_token=kkk9d7dh3k39sjv7,
- oauth_signature_method=HMAC-SHA1
- oauth_timestamp=137131201
- oauth_nonce=7d8f3e4a
- filename=hello.jpg
All of the parameters above need to be sorted in lexicographical byte value order (basically alphabetically), separated by an '&'. Now you will have the third part part:
filename=hello.jpg&oauth_consumer_key=9djdj82h48djs9d2&
oauth_nonce=7d8f3e4a&oauth_signature_method=HMAC-SHA1&oauth_timestamp=
137131201&oauth_token=kkk9d7dh3k39sjv7
Now you need to URL encode part 2 and part 3. Then concatenate the three parts, resulting in:
GET&http%3A%2F%2Fwww.example.com%2Fapi%2F&filename%3Dhello.jpg%26oauth_consumer_key%3D9djdj82h48djs9d2%26%0Aoauth_nonce%3D7d8f3e4a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D%0A137131201%26oauth_token%3Dkkk9d7dh3k39sjv7
This is the base string. Now you need to sign it using the HMAC-SHA1 algorithm, the resulting signature has to be sent with the request as well.
Upvotes: 6
Related Questions
- Flickr Oauth Android
- Authenticating with FlickrKit for iOS
- Flickr: How to generate the Authentication Signature?
- Flickr api_sig (api signature)
- Invalid signature when getting the access token from Flickr using OAuth
- Java: Flickr OAuth Signature Invalid
- Flickr oAuth signing requests
- Oauth Signature not getting generated
- Flickr OAuth authentication
- Flickr Oauth for android