Flutter OAuth1.0 Fatsecret API Error: Invalid signature: oauth_signature 'ziNCxJykqOEMRV51C8MFx5LN%2Fi4%3D'

334 views
Skip to first unread message

Anima361

unread,
Sep 22, 2023, 2:21:45 PM9/22/23
to FatSecret Platform API

i usually don't post questions here, but I've been stuck for days. I couldn't find any answers with online research either. I hope someone here can help me. I want to use the Fatsecret API with Flutter and am using OAuth1.0 for it. 

I followed all the steps, created a signature base string, and then calculated the signature value using HMAC-SHA1. Unfortunately, I receive the following error:


```

Success: <?xml version="1.0" encoding="utf-8" ?> I/flutter (10963): <error xmlns="http://platform.fatsecret.com/api/1.0/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://platform.fatsecret.com/api/1.0/ http://platform.fatsecret.com/api/1.0/fatsecret.xsd"> I/flutter (10963): <code>8</code> I/flutter (10963): <message>Invalid signature: oauth_signature 'ziNCxJykqOEMRV51C8MFx5LN%2Fi4%3D'</message> I/flutter (10963): </error>

```


I can't see where I'm going wrong. Perhaps someone might notice what I'm doing incorrectly.

My Flutter code: I have checked the consumer key and consumer secret multiple times, and they are correctly implemented in the code. For security reasons, I have entered them here simply as the string "secret".




```

import 'dart:convert'; import 'dart:math'; import 'package:crypto/crypto.dart'; import 'package:http/http.dart' as http; import 'package:flutter/material.dart'; void main() { runApp(MyApp()); } class MyApp extends StatelessWidget { @override Widget build(BuildContext context) { return MaterialApp( home: HomeScreen(), ); } } class HomeScreen extends StatefulWidget { @override _HomeScreenState createState() => _HomeScreenState(); } class _HomeScreenState extends State<HomeScreen> { int timestamp = DateTime.now().millisecondsSinceEpoch ~/ 1000; String consumerKey = "secret" String consumerSecret = "secret"; String url = 'https://platform.fatsecret.com/rest/server.api'; String oauthNonce = ""; String signature = ""; String getSignature() { // Step 1: HTTP Method String httpMethod = "POST"; // Step 2: Request URL String encodedRequestUrl = Uri.encodeComponent(url); // Step 3: Normalized Parameters Map<String, String> params = { 'oauth_consumer_key': consumerKey, 'oauth_signature_method': 'HMAC-SHA1', 'oauth_timestamp': timestamp.toString(), 'oauth_nonce': oauthNonce, 'oauth_version': '1.0', 'food_id': '33691', 'method': 'food.get.v3', }; // Sort parameters and concatenate in a string // Sort parameters List<String> sortedKeys = params.keys.toList()..sort(); // Concatenate parameters in a string List<String> keyValuePairList = sortedKeys.map((k) => '$k=${params[k]}').toList(); // Join string with '&' String normalizedParameters = keyValuePairList.join('&'); // Encode the string String encodedNormalizedParameters = Uri.encodeComponent(normalizedParameters); // Create the signature base string String signatureBaseString = '$httpMethod&$encodedRequestUrl&$encodedNormalizedParameters'; // HMAC-SHA1 signature var key = utf8.encode(consumerSecret); var bytes = utf8.encode(signatureBaseString); var hmacSha1 = Hmac(sha1, key); var digest = hmacSha1.convert(bytes); String base64Signature = base64Encode(digest.bytes); String encodedBase64Signature = Uri.encodeComponent(base64Signature); return encodedBase64Signature; } void makeRequest() async { Random rand = Random(); List<int> codeUnits = List.generate(10, (index) { return rand.nextInt(26) + 97; }); oauthNonce = String.fromCharCodes(codeUnits); signature = getSignature(); final headers = { 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'OAuth oauth_consumer_key="$consumerKey", oauth_nonce="$oauthNonce", oauth_signature="$signature", oauth_signature_method="HMAC-SHA1", oauth_timestamp="$timestamp", oauth_version="1.0"' }; final body = { 'food_id': '33691', 'method': 'food.get.v3', 'oauth_consumer_key': consumerKey, 'oauth_nonce': oauthNonce, 'oauth_signature': signature, 'oauth_signature_method': 'HMAC-SHA1', 'oauth_timestamp': timestamp.toString(), 'oauth_version': '1.0', }; final response = await http.post( Uri.parse(url), headers: headers, body: body, ); if (response.statusCode == 200) { print('Success: ${response.body}'); } else { print('Error: ${response.body}'); } } @override void initState() { super.initState(); makeRequest(); } @override Widget build(BuildContext context) { return Scaffold(); } }


```

Дмитрий Шевченко

unread,
Oct 14, 2023, 6:20:15 AM10/14/23
to FatSecret Platform API
Do you still need help? I can show 3-Legged Authentication solution. It's a half-baked solution, but it works. You can adapt it to oauth1.

Anima361

unread,
Nov 1, 2023, 5:20:27 PM11/1/23
to FatSecret Platform API

I already did it now with OAuth2.0 with a Linux Server.
But if you can show me your version, i would be very thankful.

Дмитрий Шевченко

unread,
Nov 10, 2023, 7:30:13 PM11/10/23
to fatsecret-p...@googlegroups.com


чт, 2 нояб. 2023 г. в 00:20, 'Anima361' via FatSecret Platform API <fatsecret-p...@googlegroups.com>:
--
You received this message because you are subscribed to a topic in the Google Groups "FatSecret Platform API" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/fatsecret-platform-api/ZmZ5OGF2oCM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to fatsecret-platfor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/fatsecret-platform-api/92275d6c-b016-4e9e-98cb-ce6e99dd0a46n%40googlegroups.com.
main.dart
fatsecret.dart
pubspec.yaml

Дмитрий Шевченко

unread,
Nov 10, 2023, 7:30:22 PM11/10/23
to FatSecret Platform API
Run on web
main.dart
pubspec.yaml
fatsecret.dart
Reply all
Reply to author
Forward
0 new messages