Search code examples
ruby-on-railsrubyapioauthyahoo-api

Yahoo Oauth in Ruby API Request - Signature Invalid

I have already successfully gotten the access token and access secret. Now I'm trying to make an API request with the OAuth information.

I'm following alongside the yahoo docs (not very helpful): https://developer.yahoo.com/oauth/guide/oauth-make-request.html https://developer.yahoo.com/oauth/guide/oauth-signing.html

Also, I'm trying to follow this example closely: https://gist.github.com/cheenu/1469815

Here is the code: (I split up the long url for convenience)

require 'cgi'
require 'base64'
require 'openssl'

url = "http://fantasysports.yahooapis.com/fantasy/v2/game/nfl"
parameters = "format=json
  &realm=yahooapis.com
  &oauth_consumer_key=#{Rails.application.secrets.yhoo_consumer_key}
  &oauth_nonce=#{SecureRandom.hex}
  &oauth_signature_method=HMAC-SHA1
  &oauth_timestamp=#{Time.now.to_i}
  &oauth_token=#{ApiVar.final_oauth_token} #the access token
  &oauth_version=1.0"

base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters)

oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', ApiVar.final_oauth_secret + "&", base_string)}").chomp)

#ApiVar.final_oauth_secret is the access token secret - is that what I should be putting there?

testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature
p testable_url
response = HTTParty.get(testable_url)

My response gives me "signature_invalid."

What am I doing wrong?

Thank you!

Solution 
  •     url = "http://fantasysports.yahooapis.com/fantasy/v2/league/{league-key}/players"
    parameters = "format=json&oauth_consumer_key=#{Rails.application.secrets.yhoo_consumer_key}&oauth_nonce=#{SecureRandom.hex}&oauth_signature_method=HMAC-SHA1&oauth_timestamp=#{Time.now.to_i}&oauth_token=#{ApiVar.final_oauth_token}&oauth_version=1.0&realm=yahooapis.com"
    base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters)
    secret = "#{Rails.application.secrets.yhoo_consumer_secret}&#{ApiVar.final_oauth_secret}"
    oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', secret, base_string)}").chomp)
    testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature
    p testable_url
    response = HTTParty.get(testable_url)

#{Rails.application.secrets.yhoo_consumer_secret}&#{ApiVar.final_oauth_secret}" - correct secret key

    The parameters have to be ordered alphabetically! Also, the secret key is the yahoo consumer secret plus the final oauth secret!