20100221

Yahoo OAUTH Not Supporting Authorization Header

Hopefully this will help another person running into this issue.

Like a lot of people, I was getting "Signature Invalid" when trying to initiate an OAUTH transaction with Yahoo, e.g., at https://api.login.yahoo.com/oauth/v2/get_request_token. For a while I thought the problem might be with the URL encoding of parameters, as mentioned in many of the discussions. However, it turned out that Yahoo's OAUTH does not support the Authorization header, as mentioned here by "David". This is a serious limitation given that this method is the most preferred of the three specified in http://oauth.net/core/1.0a/.

The solution for this is simple: avoid using the HTTP Authorization header, and pass the OAUTH parameters in the URI query string instead.



I'm using the OAUTH PECL library. For this, just change:

$oauth = new OAuth($this->CONSUMER_KEY, $this->CONSUMER_SECRET); // default auth type sends oauth_* params in the Authorization header

to:

$oauth = new OAuth($this->CONSUMER_KEY, $this->CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI); // same HMAC-SHA1 signature, but oauth_* params go in the query string

Mystery solved.
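To make the point concrete, here is an added example (my own illustration, not code from the PECL extension or from Yahoo) showing why switching the auth type fixes the problem: the HMAC-SHA1 signature is computed over a base string that does not depend on how the oauth_* parameters are transmitted, so the exact same signature is valid whether it travels in the Authorization header or in the query string. The provider-side verify() below is a model with an accept_header switch: a provider that never reads the header (like Yahoo's at the time) never sees oauth_signature at all, and that is what its "Signature Invalid" reply was hiding. It is written in Python rather than PHP so it runs stand-alone; the consumer key/secret, nonce and timestamp are constructed placeholders, and the request-token URL is the one from the post.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Constructed placeholder credentials for this example; not real Yahoo keys.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
REQUEST_TOKEN_URL = "https://api.login.yahoo.com/oauth/v2/get_request_token"


def pct(value):
    # OAuth 1.0a percent-encoding: only RFC 3986 unreserved characters stay bare.
    return quote(str(value), safe="")


def signature_base_string(method, url, params):
    # Base string = METHOD & pct(base URL without query) & pct(sorted, encoded params).
    # The transmission method (header vs. URI) plays no part here.
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    encoded = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 over the base string, keyed with pct(consumer_secret)&pct(token_secret).
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()


def oauth_params(consumer_key, nonce=None, timestamp=None):
    # Parameters for a 1.0a request-token call; oauth_callback is mandatory in 1.0a.
    return {
        "oauth_callback": "oob",
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(8),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }


def as_authorization_header(params):
    # Transmission in the Authorization header (what the PECL default does).
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))


def as_query_string(url, params):
    # Transmission in the URI query string (what OAUTH_AUTH_TYPE_URI does).
    return url + "?" + "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))


def build_request(consumer_key, consumer_secret, use_header, nonce=None, timestamp=None):
    # Client side: sign first, then choose how to carry the parameters.
    params = oauth_params(consumer_key, nonce, timestamp)
    params["oauth_signature"] = sign("GET", REQUEST_TOKEN_URL, params, consumer_secret)
    if use_header:
        return REQUEST_TOKEN_URL, {"Authorization": as_authorization_header(params)}
    return as_query_string(REQUEST_TOKEN_URL, params), {}


def extract_oauth_params(url, headers, accept_header=True):
    # Model of the provider side: collect oauth_* params from the query string and,
    # only if the provider supports it, from the Authorization header.
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    auth = headers.get("Authorization", "")
    if accept_header and auth.startswith("OAuth "):
        for field in auth[len("OAuth "):].split(","):
            k, _, v = field.strip().partition("=")
            if k != "realm":
                params[unquote(k)] = unquote(v.strip('"'))
    return f"{parts.scheme}://{parts.netloc}{parts.path}", params


def verify(method, url, headers, consumer_secret, accept_header=True):
    # Recompute the signature from whatever parameters the provider managed to read.
    # A provider that ignores the header never receives oauth_signature, so the
    # request fails even though the client signed it correctly.
    base_url, params = extract_oauth_params(url, headers, accept_header)
    provided = params.pop("oauth_signature", None)
    if provided is None:
        return False
    expected = sign(method, base_url, params, consumer_secret)
    return hmac.compare_digest(provided.encode(), expected.encode())
```

Run build_request() twice with the same nonce and timestamp, once per transmission method, and both requests carry an identical oauth_signature; verify() accepts either when accept_header is True, but with accept_header set to False only the query-string form gets through, which is exactly the behaviour the auth-type change works around.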

Update: Other quirks with Yahoo OAUTH support:
  1. When creating a new app, make sure your "Application URL" ends with a file name or a "/". For example, this won't work: "http://www.example.com".
  2. If, after creating an app, you make any change at all, like adding a short description or an icon, your users will see "Warning: This website has not been verified by Yahoo!. For your security, we recommend that you continue only if you trust this website" when they authenticate with your app.
