Search code examples
phpactionscript-3flashoauthtwo-legged

OAuth invalid signature

I am having trouble with OAuthorization, I have a flash player application requesting a PHP script. The PHP is always returning:

{"status":false,"message":"Invalid Signature"}

I tried two differents libraries:

https://github.com/yahoo/yos-social-as3
https://github.com/iotashan/oauth-as3

I dont know what do try anymore, could someone help me with this?

The as3 script that is generating a wrong URL:

import com.yahoo.oauth.OAuthRequest;
import com.yahoo.oauth.OAuthConsumer;
import com.yahoo.oauth.OAuthSignatureMethod_HMAC_SHA1;
import com.yahoo.oauth.IOAuthSignatureMethod;
import com.yahoo.oauth.OAuthToken;
import com.yahoo.oauth.OAuthUtil;

var signature:IOAuthSignatureMethod = new OAuthSignatureMethod_HMAC_SHA1();
var consumer:OAuthConsumer = new OAuthConsumer("myKey", "mySecret");

var oauthRequest:OAuthRequest = 
    new OAuthRequest(
        "GET", 
        "http://mySite.com/index.php",
        null, 
        consumer, 
        null
    );

var request:URLRequest = new URLRequest(oauthRequest.buildRequest(signature));

var loader:URLLoader = new URLLoader;
loader.addEventListener(Event.COMPLETE, getComplete);
loader.load(request);

function getComplete(event:Event):void
{
    trace("data", URLLoader(event.currentTarget).data);
}

I have a example did in PHP script that generate a correct URL:

<?php
// include oath
require_once('OAuth/OAuth.php');

if ($mode == 'generate')
{
    $consumer = new OAuthConsumer(OAUTHKEY, OAUTHSECRET);
    $sig_method = new OAuthSignatureMethod_HMAC_SHA1;

    // call this file
    $api_endpoint = $_GET['url'];

    //use oauth lib to sign request
    $req = OAuthRequest::from_consumer_and_token($consumer, null, 'GET', $api_endpoint, $parameters);
    $sig_method = new OAuthSignatureMethod_HMAC_SHA1();
    $req->sign_request($sig_method, $consumer, null); //note: double entry of token
    echo $req->to_url();
    exit;
}

This is the url generated by the PHP script, this work:

http://mySite.com/index.php?
oauth_consumer_key=myKey&
oauth_nonce=20de438daf761115018b3d6f26456a6e&
oauth_signature=JpWrfU77Pl%2FfFoa%2BhVy8agq9I5Q%3D&
oauth_signature_method=HMAC-SHA1&
oauth_timestamp=1347583047&
oauth_version=1.0

This is the url generated by the AS3 script, this not work:

http://mySite.com/index.php?
oauth_consumer_key=myKey&
oauth_nonce=b8808c76e9aaa264964aefabb22bdc55&
oauth_signature=jZ31R4C0Ybj1dluIjy6wKCtN7D4%3D&
oauth_signature_method=HMAC-SHA1&
oauth_timestamp=1348705359&
oauth_version=1.0
Solution

  • Solved :)

    Thanks to PeeHaa that told I was using a version 2.0 library, now I am using back the iotashan lib, that is version 1.0 and it is working now :)

    import org.iotashan.oauth.IOAuthSignatureMethod;
import org.iotashan.oauth.OAuthConsumer;
import org.iotashan.oauth.OAuthRequest;
import org.iotashan.oauth.OAuthSignatureMethod_HMAC_SHA1;
import org.iotashan.oauth.OAuthToken;
import org.iotashan.utils.OAuthUtil;
import org.iotashan.utils.URLEncoding;

var signature:IOAuthSignatureMethod = new OAuthSignatureMethod_HMAC_SHA1();

var consumer:OAuthConsumer = new OAuthConsumer("myKey", "mySecret");

var oauthRequest:OAuthRequest = 
    new OAuthRequest(
        OAuthRequest.HTTP_METHOD_GET, 
        "http://mySite.com/index.php",
        null, 
        consumer, 
        null
    );

var request:URLRequest = new URLRequest(oauthRequest.buildRequest(signature, OAuthRequest.RESULT_TYPE_URL_STRING));

// Creating URLLoader to invoke Google service
var loader:URLLoader = new URLLoader;
loader.addEventListener(Event.COMPLETE, getComplete);
loader.load(request);

trace("request", request.url);

function getComplete(event:Event):void
{
    trace("data", URLLoader(event.currentTarget).data);
}