Oauth "invalid signature" error
nzsnapper
Registered Users Posts: 34 Big grins
I am busy converting my Aperture plugin to use Oauth for authentication and to move to the lastest 1.3.0 API and seem to be having trouble with the signature. I must be doing something dumb but I can't see it :-(
An example base string used to create the signature is:
GET&http%3A%2F%2Fapi.smugmug.com%2Fservices%2Fapi%2Fjson%2F1.3.0&method%3Dsmugmug.albums.get%26oauth_consumer_key%3DWW1U80oIBzOLSOHUvoWgM5GzfU3qsfTX%26oauth_nonce%3DE37583D0-A8B8-4FB3-A7D3-6A3A90C6C292%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1316728948%26oauth_token%3D5dc7b0ca8bbfe9bc03e7b216c4694baf%26oauth_version%3D1.0
And the URL:
The response I get:
{"stat":"fail","method":"smugmug.albums.get","code":35,"message":"invalid signature"}
I am using a 3rd party Oauth library and can successfully get the access token, any help would be appreciated.
Cheers
Richard
An example base string used to create the signature is:
GET&http%3A%2F%2Fapi.smugmug.com%2Fservices%2Fapi%2Fjson%2F1.3.0&method%3Dsmugmug.albums.get%26oauth_consumer_key%3DWW1U80oIBzOLSOHUvoWgM5GzfU3qsfTX%26oauth_nonce%3DE37583D0-A8B8-4FB3-A7D3-6A3A90C6C292%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1316728948%26oauth_token%3D5dc7b0ca8bbfe9bc03e7b216c4694baf%26oauth_version%3D1.0
And the URL:
http://api.smugmug.com/services/api/json/1.3.0?method=smugmug.albums.get&oauth_consumer_key=WW1U80oIBzOLSOHUvoWgM5GzfU3qsfTX&oauth_nonce=E37583D0-A8B8-4FB3-A7D3-6A3A90C6C292&oauth_signature=lbMk2reS4gXEdjJ5nL%2B3YjJy%2BuM%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1316728948&oauth_token=5dc7b0ca8bbfe9bc03e7b216c4694baf&oauth_version=1.0
The response I get:
{"stat":"fail","method":"smugmug.albums.get","code":35,"message":"invalid signature"}
I am using a 3rd party Oauth library and can successfully get the access token, any help would be appreciated.
Cheers
Richard
0
Comments
The issue is that you should use http://api.smugmug.com/services/api/json/1.3.0/ as the base url instead of http://api.smugmug.com/services/api/json/1.3.0
If you load the url in the browser without the /, you will see that it redirects to the URL with the /, so when the signature validation fails since your signature base string doesn't have the additional %2F.
Hope this helps.
Cheers,
David
SmugMug API Developer
My Photos
Perfect, thanks David! Not sure I would have spotted that.