OAuth and Methods with Parameters says "Invalid Signature"
quiks
Registered Users Posts: 19 Big grins
Hi,
I got OAuth working to the point that I can do requests to methods without parameters.
For example, I can call "smugmug.users.getTree" and I get a result. Whenever I try to add a parameter (e.g. Extras=ImageCount") to a request, I get "Invalid Signature". I tried every possible combination of generating the base_string, nothing is working. I've even read the official RFC specs about OAuth. My base_string seems good to me. I have clearly overlooked something. If anyone sees something, I would really appreciate your help.
Here is what is working:
BASE_STRING (I added New Lines for readability purpose):
Authorization Header (I added New Lines for readability purpose):
Here is what is NOT working:
BASE_STRING (I added New Lines for readability purpose):
Authorization Header (I added New Lines for readability purpose):
Thanks.
I got OAuth working to the point that I can do requests to methods without parameters.
For example, I can call "smugmug.users.getTree" and I get a result. Whenever I try to add a parameter (e.g. Extras=ImageCount") to a request, I get "Invalid Signature". I tried every possible combination of generating the base_string, nothing is working. I've even read the official RFC specs about OAuth. My base_string seems good to me. I have clearly overlooked something. If anyone sees something, I would really appreciate your help.
Here is what is working:
BASE_STRING (I added New Lines for readability purpose):
GET&https%3A%2F%2Fapi.smugmug.com%2Fservices%2Fapi%2Fjson%2F1.3.0%2F& method%3Dsmugmug.users.getTree%26 oauth_consumer_key%3DZATFDe0SJ2h4UuOyD7NL0UZ1DQokFivH%26 oauth_nonce%3DF0A7BB13-FCFB-4C0D-A32C-783DADA1766A%26 oauth_signature_method%3DHMAC-SHA1%26 oauth_timestamp%3D1378109752%26 oauth_token%3Dfdb73b19a9a10b7d2afb021c2de6a898%26 oauth_version%3D1.0
Authorization Header (I added New Lines for readability purpose):
realm="https://api.smugmug.com/", method="smugmug.users.getTree", oauth_consumer_key="ZATFDe0SJ2h4UuOyD7NL0UZ1DQokFivH", oauth_nonce="F0A7BB13-FCFB-4C0D-A32C-783DADA1766A", oauth_signature="0VFFu%2BnSb8waKqqNz4XR5G5%2BUng%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1378109752", oauth_token="fdb73b19a9a10b7d2afb021c2de6a898", oauth_version="1.0"
Here is what is NOT working:
BASE_STRING (I added New Lines for readability purpose):
GET&https%3A%2F%2Fapi.smugmug.com%2Fservices%2Fapi%2Fjson%2F1.3.0%2F& [COLOR="Red"]Extras%3DImageCount%26[/COLOR] method%3Dsmugmug.users.getTree%26 oauth_consumer_key%3DZATFDe0SJ2h4UuOyD7NL0UZ1DQokFivH%26 oauth_nonce%3D614B39B4-6F41-4D11-A9DB-2553AD4BC495%26 oauth_signature_method%3DHMAC-SHA1%26 oauth_timestamp%3D1378109612%26 oauth_token%3Dfdb73b19a9a10b7d2afb021c2de6a898%26 oauth_version%3D1.0
Authorization Header (I added New Lines for readability purpose):
realm="https://api.smugmug.com/", [COLOR="red"]Extras="ImageCount",[/COLOR] method="smugmug.users.getTree", oauth_consumer_key="ZATFDe0SJ2h4UuOyD7NL0UZ1DQokFivH", oauth_nonce="614B39B4-6F41-4D11-A9DB-2553AD4BC495", oauth_signature="nsQgp3P4cuUCXyYm1XIzu%2Be4PI4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1378109612", oauth_token="fdb73b19a9a10b7d2afb021c2de6a898", oauth_version="1.0"
Thanks.
0
Comments
For those interested, here is what you should be doing:
BASE_STRING:
OAUTH Header:
Query String URL:
I was encoding my parameters (Extras + method) WITHING the OAuth Header: WRONG!
You should be providing SmugMug parameters to create the Base String AND through the query string. Period.
Hope it helps someone!