php, objective-c, oauth, oauth-provider

Exposing my API with OAuth and consuming it with an iPhone App


I've been playing with OAuth today and I implemented it on my API. So far I was consuming the services of my API with an iPhone app, and I still want to do that, but since I added OAuth it is getting harder to use and I'm facing some problems.

Here is what I have:

  • Provider side
    • A small page providing keys and secret keys to the consumers
    • A request_token page to give a token to a consumer
    • An authorize page to give a user the power to authorize a token to be used
    • And finally a token_access page to change the request token into an access token to access my API
  • On the consumer side, there are:
    • a consumer key (generated by a page on the provider side)
    • a consumer secret key (generated by a page on the provider side)

Here is what I can do without any problems:

  • Get a request token
  • Make the user authorize the token

And when I try to change this token into an access token, I get an error:

OAuthException2: Signature verification failed (HMAC-SHA1)

It seems that I'm missing something somewhere but I can't find what! Here is something else that I found in the logs that may be helpful:

Received from consumer:

Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Authorization: OAuth realm="", oauth_consumer_key="55af183bbbc2c386de3d0cb82a8bc4aa04d2883f9", oauth_token="4ba900b2cb3a6a67c13d0b089874649504d28c069", oauth_signature_method="HMAC-SHA1", oauth_signature="UKJXUjT4ZpEDeWFDVl7%2BUiqOids%3D", oauth_timestamp="1294516337", oauth_nonce="72D5BE27-D4DF-4C93-942F-96DCBCAB3509", oauth_version="1.0"
Connection: keep-alive
Cookie: PHPSESSID=676e088f8f13d7a1bb61d2437ee0b2a6
Host: localhost:8888
User-Agent: DearStranger/1.0 CFNetwork/485.12.7 Darwin/10.6.0

Answer from the provider:

X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain

OAuth Verification Failed: Verification of signature failed (signature base string was "GET&http%3A%2F%2Flocalhost%3A8888%2FDearStranger%2Fwebservices%2Foauth%2Faccess_token.php&oauth_consumer_key%3D55af183bbbc2c386de3d0cb82a8bc4aa04d2883f9%26oauth_nonce%3D72D5BE27-D4DF-4C93-942F-96DCBCAB3509%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1294516337%26oauth_token%3D4ba900b2cb3a6a67c13d0b089874649504d28c069%26oauth_verifier%3D1234%26oauth_version%3D1.0"). with  Array
(
    [0] => dd918316d0190cf48d6bd6028ecbd9fc
    [1] => ec0390f4ce6bbbe6a5f13a651f8b95ff
    [2] => request
)

I am using OAuthConsumer on the iPhone side (http://code.google.com/p/oauthconsumer). Is there anything that this framework is doing wrong to make me get these errors?

Thanks for your answers!

Martin


Solution

  • I finally found out that I wasn't using the OAuthConsumer framework for iPhone the right way. I was trying to use it the same way I should use it with the Twitter API but my server exposure doesn't have the same specifications as Twitter's.
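
A way to debug this kind of HMAC-SHA1 failure, as an added example that is not part of the original post nor code from OAuthConsumer or the provider: rebuild the OAuth 1.0 signature base string (RFC 5849) from the parameters in the logged Authorization header and compare it with the one the provider reported. The secrets are constructed placeholders, `compare_sides` and `signed_names` are hypothetical helper names, and the assumption that the client signed only the header parameters is made for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

def pct(s):
    # RFC 5849 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Everything except realm and oauth_signature is signed, sorted by encoded name
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k not in ("realm", "oauth_signature"))
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    # HMAC-SHA1 key is "<consumer secret>&<token secret>", both percent-encoded
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def verify(base, received_signature, consumer_secret, token_secret):
    # Constant-time comparison of the recomputed and the received signature
    return hmac.compare_digest(sign(base, consumer_secret, token_secret), received_signature)

def signed_names(base):
    # Recover the parameter names that a base string covers
    normalized = unquote(base.split("&", 2)[2])
    return {unquote(p.split("=", 1)[0]) for p in normalized.split("&")}

# Parameters from the logged Authorization header (values percent-decoded)
HEADER = {
    "oauth_consumer_key": "55af183bbbc2c386de3d0cb82a8bc4aa04d2883f9",
    "oauth_token": "4ba900b2cb3a6a67c13d0b089874649504d28c069",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_signature": "UKJXUjT4ZpEDeWFDVl7+UiqOids=",
    "oauth_timestamp": "1294516337",
    "oauth_nonce": "72D5BE27-D4DF-4C93-942F-96DCBCAB3509",
    "oauth_version": "1.0",
}
URL = "http://localhost:8888/DearStranger/webservices/oauth/access_token.php"
# Constructed secrets for the demonstration, not values from the post
CONSUMER_SECRET, TOKEN_SECRET = "example-consumer-secret", "example-token-secret"

def compare_sides():
    # Assumption: the client signs the header parameters only; the provider adds oauth_verifier
    header_base = base_string("GET", URL, HEADER)
    provider_base = base_string("GET", URL, {**HEADER, "oauth_verifier": "1234"})
    extra = signed_names(provider_base) - signed_names(header_base)
    client_sig = sign(header_base, CONSUMER_SECRET, TOKEN_SECRET)
    return provider_base, extra, verify(provider_base, client_sig, CONSUMER_SECRET, TOKEN_SECRET)
```

Any parameter that one side hashes and the other does not, or any difference in method, URL or encoding, changes the base string and makes the provider's comparison fail even when both secrets are correct.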