Search code examples
oauthscribexing

Scribe + Xing => Invalid OAuth signature

I'm trying to use scribe with XING and I'm always getting following answer:

Can't extract token and secret from this: '{"message":"Invalid OAuth signature","error_name":"INVALID_OAUTH_SIGNATURE"}'

I have a working login process, get back an oauth_token and an oauth_verifier and tried to to change the defaultly selected HMACSha1 Singature with a PlainText signature, but I'll always get the above mentioned result...

Any ideas on why this happens?

Using the default DefaultApi10a and XingApi from scribe always fails at the above mentioned step...

EDIT - Code

// Creating the service
// callback is needed to stop redirecting in the webview
OAuthService service = new ServiceBuilder()
            .provider(XingApi.class)
            .apiKey(apiKey)
            .apiSecret(apiSecret)
            .callback("http://www.xing.com")
            .build();

Step 1: get request token + auth url

RequestToken requestToken = service.getRequestToken();
String authUrl = service.getAuthorizationUrl(requestToken );

Step 2: load the auth url in a webview + check the redirect url and cancel redirection based on callback

for example, redirection url look like following: http://www.xing.com?oauth_token=a2191ab84c9e0f85cf0c&oauth_verifier=4978

Step 3: extract oauth_token + oauth_verifier from returned url

String oauthToken = ...; // a2191ab84c9e0f85cf0c in the example
String oauthVerifier = ...; // 4978 in the example

Step 4: get access token => this fails

Token requestToken = new Token(oauthToken, oauthVerifier); // reusing the request token from above results in invalid request token answer from xing!
Verifier v = new Verifier(oauthVerifier);
Token accessToken = service.getAccessToken(requestToken, v);
Solution

  • Remove:

    Token requestToken = new Token(oauthToken, oauthVerifier); // reusing the request token from above results in invalid request token answer from xing!

    line from step 4.

    You have to keep request token to retrieve access token using it and verifier (4 digits PIN) from Xing.

    EDIT - code added:

    OAuth10aService service = new ServiceBuilder()
    .apiKey("44a4f9c1a9daa88f4da2")
    .apiSecret("2fc8ca373dab772acc4de7ce22718f8fced6919c")
    .callback("https://redirect.example.com")
    .build(XingApi.instance());

final Token requestToken = service.getRequestToken();

System.out.println(service.getAuthorizationUrl(requestToken));
System.out.println("Paste the verifier here");
System.out.print(">>");
Scanner in = new Scanner(System.in);
Verifier verifier = new Verifier(in.nextLine());
System.out.println();
in.close();

// Trade the Request Token and Verfier for the Access Token
Token accessToken = service.getAccessToken(requestToken, verifier);
System.out.println("Got the Access Token! " + accessToken);