Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
OAuth
Home
+ new post
About this group
Join this group
OAuth JS API results in signature_invalid at random
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   6 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Matt Raible  
View profile  
 More options Jun 17 2009, 11:28 am
From: Matt Raible <mrai...@gmail.com>
Date: Wed, 17 Jun 2009 08:28:04 -0700 (PDT)
Local: Wed, Jun 17 2009 11:28 am
Subject: OAuth JS API results in signature_invalid at random
Print | Individual message | Show original | Report this message | Find messages by this author
Hello,

I'm trying to use the JavaScript API to authenticate with OAuth from a
GWT application. I've got it working with both Google and Twitter's
OAuth implementations. However, it seems to fail to sign the URL at
random. In other words, it works 1 out of 3 times.

I'm using the following makeSignedRequest() function to create the
signed URL.

From http://paul.donnelly.org/2008/10/31/2-legged-oauth-javascript-functio...

<script type="text/javascript">
        var makeSignedRequest = function(ck, cks, ts, encodedurl) {
            var accessor = { consumerSecret: cks, tokenSecret: ts};
            var message = { action: encodedurl, method: "GET",
parameters: [
                ["oauth_version","1.0"],
                ["oauth_consumer_key",ck]
            ]};

            OAuth.setTimestampAndNonce(message);
            OAuth.SignatureMethod.sign(message, accessor);

            var parameterMap = OAuth.getParameterMap(message);
            var baseStr = OAuth.decodeForm
(OAuth.SignatureMethod.getBaseString(message));
            var theSig = "";

            if (parameterMap.parameters) {
                for (var item in parameterMap.parameters) {
                    for (var subitem in parameterMap.parameters[item])
{
                        if (parameterMap.parameters[item][subitem] ==
"oauth_signature") {
                            theSig = parameterMap.parameters[item][1];
                            break;
                        }
                    }
                }
            }

            var paramList = baseStr[2][0].split("&");
            paramList.push("oauth_signature=" + theSig);
            paramList.sort(function(a, b) {
                if (a[0] < b[0]) return -1;
                if (a[0] > b[0]) return 1;
                if (a[1] < b[1]) return  -1;
                if (a[1] > b[1]) return 1;
                return 0;
            });

            var locString = "";
            for (var x in paramList) {
                locString += paramList[x] + "&";
            }

            return baseStr[1][0] + "?" + locString.slice(0,
locString.length - 1);
        };

    </script>

Any idea why this could be happening?

Thanks,

Matt


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Chirag Shah  
View profile  
 More options Jun 18 2009, 12:11 am
From: Chirag Shah <chiragsh...@gmail.com>
Date: Wed, 17 Jun 2009 21:11:47 -0700 (PDT)
Local: Thurs, Jun 18 2009 12:11 am
Subject: Re: OAuth JS API results in signature_invalid at random
Print | Individual message | Show original | Report this message | Find messages by this author
Hey Matt, try the code below. It works reliably for me.

Make sure you've included:
http://oauth.googlecode.com/svn/code/javascript/oauth.js
http://oauth.googlecode.com/svn/code/javascript/sha1.js
<script type="text/javascript">
        var requestUrl = 'http://...';
        var ck = '...';
        var cks = '...';
        var accessor = {consumerSecret: cks};
        var message = {
            method: "GET",
            action: requestUrl,
            parameters: [
                ['oauth_signature_method', 'HMAC-SHA1'],
                ['oauth_consumer_key', ck],
                ['oauth_version', '1.0'],
                ['xoauth_requestor_id', guid],
                ['format', 'json']
            ]
        };

        OAuth.setTimestampAndNonce(message);
        OAuth.setParameter(message, "oauth_timestamp", OAuth.timestamp
());
        OAuth.SignatureMethod.sign(message, accessor);
        var finalUrl = OAuth.addToURL(message.action,
message.parameters);
</script>

On Jun 17, 8:28 am, Matt Raible <mrai...@gmail.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Matt Raible  
View profile  
 More options Jun 18 2009, 1:49 am
From: Matt Raible <mrai...@gmail.com>
Date: Wed, 17 Jun 2009 22:49:20 -0700 (PDT)
Local: Thurs, Jun 18 2009 1:49 am
Subject: Re: OAuth JS API results in signature_invalid at random
Print | Individual message | Show original | Report this message | Find messages by this author
Thanks for your suggestion. I tried using this but I'm still
experiencing the same problem. The good news is yours looks a lot
simpler and it appears to work just as good as the last one. Looking
at both Paul Donnelly's and yours, neither contains the "tokenSecret"
in the accessor that's used to sign the access_token request, as well
as any API requests. Am I correct in assuming that the tokenSecret
(the "auth_token_secret" value returned after getting the initial
token) is needed for these two calls?

To be clear, I can reliably get a token and authorize it. After that,
it seems like getting an access_token works 50% of the time and
calling the api (with auth_token as a param in the URL) works 30% of
the time.

Thanks,

Matt

On Jun 17, 10:11 pm, Chirag Shah <chiragsh...@gmail.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
John Kristian  
View profile  
 More options Jun 20 2009, 6:08 pm
From: John Kristian <jmkrist...@gmail.com>
Date: Sat, 20 Jun 2009 15:08:44 -0700 (PDT)
Local: Sat, Jun 20 2009 6:08 pm
Subject: Re: OAuth JS API results in signature_invalid at random
Print | Individual message | Show original | Report this message | Find messages by this author
Yes, your request for an access token should be signed with the
request token secret; that is the oauth_token_secret that you received
with your request token.  Also, requests for access to APIs should be
signed with the access token secret, that is the oauth_token_secret
that you received with your access token.  I'm surprised that the
service provider accepts requests that are signed without the token
secrets.

Here's a simpler way to construct the URL for requesting an access
token, or access to an API. It yields the same result, letting
oauth.js handle more of the details.

  var accessor = {
      consumerKey: '...',
      consumerSecret: '...',
      token: '...',
      tokenSecret: '...'};
  var message = {
      method: "GET",
      action: "http://...",
      parameters: [
          ['oauth_signature_method', 'HMAC-SHA1'],
          ['xoauth_requestor_id', guid],
          ['format', 'json']]};
  OAuth.completeRequest(message, accessor);
  var signedURL = OAuth.addToURL(message.action, message.parameters);

On Jun 17, 10:49 pm, Matt Raible <mrai...@gmail.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
John Kristian  
View profile  
 More options Jun 20 2009, 6:22 pm
From: John Kristian <jmkrist...@gmail.com>
Date: Sat, 20 Jun 2009 15:22:57 -0700 (PDT)
Local: Sat, Jun 20 2009 6:22 pm
Subject: Re: OAuth JS API results in signature_invalid at random
Print | Individual message | Show original | Report this message | Find messages by this author
Can a GWT application communicate cross-domain, with an OAuth service
provider other than the GWT application server?  How?  I've read that
browser security restrictions prevent this.
http://www.mooreds.com/wordpress/archives/000500

On Jun 17, 8:28 am, Matt Raible <mrai...@gmail.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Matt Raible  
View profile  
 More options Jun 22 2009, 4:04 pm
From: Matt Raible <mrai...@gmail.com>
Date: Mon, 22 Jun 2009 14:04:22 -0600
Local: Mon, Jun 22 2009 4:04 pm
Subject: Re: [oauth] Re: OAuth JS API results in signature_invalid at random
Print | Individual message | Show original | Report this message | Find messages by this author
If you read my blog entry (listed below) on how I did this, I used a
ProxyServlet to get around the SOP in browsers.

http://raibledesigns.com/rd/entry/implementing_oauth_with_gwt

Matt


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google