Question about oAuth GetAccessToken

suntsusuntsu Registered Users Posts: 37 Big grins
hi,

I try to create a wp7 smugmug app, but i have some problem with the oAuth protocol.
Steps done:
1. Applied for a developer key(api key/secret) >> ok
2. Programatically called getRequestToken >> ok, response contained id and secret
3. With this auth_token id, i was able to authorize my app via http://api.smugmug.com/services/oauth/authorize.mg?oauth_token=a90d5cbbe9386a247c69f666c56d960d
4. This shows me my App under "Authorized Applications" on the smugmug website
5. Now i'm struggling with GetAccessToken

First i create a HMACSHA1 signature. The signature is build from the following parameters using OAuthBase.cs:
1. SmugMug Secure base url
2. api key
3. api secret
4. oAu0th_Token
5. oAuth_Signature

Parameters for the getAccessToken call:
method=smugmug.auth.getAccessToken&oauth_consumer_key=jvqfdJitzM1xxxxdUbwOkcCAt&oauth_nonce=9567550&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1317650088&oauth_token=a90d5cbbe9386a247c69f666c56d960d&oauth_version=1.0&oauth_signature=ADvxfRZ8uyaw0qBYkI3YcE8IaqM=

Response:
{"stat":"fail","method":"smugmug.auth.getAccessToken","code":36,"message":"invalid/expired token"}

Question:
Do you see any errors here?
When does a request_token expire?

thanks
manuel
MySmug, my Windows phone 7 smugmug client.
News about can be found on my website.

Comments

  • suntsusuntsu Registered Users Posts: 37 Big grins
    edited October 4, 2011
    hi,

    I found a mistake in my error description.
    I called GetAccessToken several times with the same token, but it seems such a call is only valid once.

    The first time call GetAccessToken, the return message is:
    {"stat":"fail","method":"smugmug.auth.getAccessToken","code":35,"message":"invalid signature"}

    I've read a lot and tried almost every combination, but it always returns "invalid signature".
    By chance, i've found a tool to create such an oAuth signature, and this tool returns me the same signature i create by code.

    i-vX8j8dz-X2.png

    Any hints what I'm doing wrong?

    cheers
    manuel
    MySmug, my Windows phone 7 smugmug client.
    News about can be found on my website.
  • suntsusuntsu Registered Users Posts: 37 Big grins
    edited October 6, 2011
    Nobody any hints?
    MySmug, my Windows phone 7 smugmug client.
    News about can be found on my website.
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited October 6, 2011
    yes, request tokens can only be exchanged for an access token once. This is part of the OAuth spec.
    David Parry
    SmugMug API Developer
    My Photos
  • suntsusuntsu Registered Users Posts: 37 Big grins
    edited October 7, 2011
    I found a mistake in my error description.
    I called GetAccessToken several times with the same token, but it seems such a call is only valid once.

    The first time call GetAccessToken, the return message is:
    {"stat":"fail","method":"smugmug.auth.getAccessTok en","code":35,"message":"invalid signature"}
    This is from my second post

    edit:
    btw. I'm using the google oauth implementation for c#(http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs)
    MySmug, my Windows phone 7 smugmug client.
    News about can be found on my website.
Sign In or Register to comment.