Getting Error : Missing required oauth parameter: oauth_signature_method

[Matt M]

Hello,

I have read several questions in the forums with similar issues I'm
having - getting correct 'oauth_signature'...
"Missing required oauth parameter: oauth_signature_method"

I can't seem to find answers to these questions on the forum pages

Can someone technical please contact me?

Thank you


// =========CODE START



import com.adobe.crypto.HMAC;
import com.adobe.crypto.MD5;
import com.adobe.crypto.SHA1;
import com.adobe.crypto.SHA224;
import com.adobe.crypto.SHA256;

import flash.utils.getTimer;

import mx.collections.XMLListCollection;
import mx.controls.Alert;
import mx.controls.DataGrid;
import mx.rpc.events.FaultEvent;
import mx.rpc.events.ResultEvent;
import mx.rpc.http.HTTPService;
import mx.utils.UIDUtil;
private var myHTTPService:HTTPService;
private var myDataGrid:DataGrid = new DataGrid();
private var params:Object = new Object();

private var signatureBase:String = '';
private var encryptedString:String = "";
private var algorithm:Object;
// ----------------------------------------
// PRIVATE KEY
// ----------------------------------------
private var consKey:String = '*my consumer_key hidden for forum
posting*';

public function useHttpService():void {
trace("useHttpService invoked");

// ----------------------------------------
var dateTemp:Date = new Date();
var d2toint:Number = dateTemp.time*1000; //1308874009290000
var nonce:Number = d2toint;
// ----------------------------------------
// 1. Signature base string
// - http method
// - request url
// - normalize parms (sort, concatenate, encode)
// ----------------------------------------
// SORT
// ----------------------------------------
// REQUIRED PARTS
// oauth_consumer_key=demo
// oauth_nonce=abc
// oauth_signature_method=HMAC-SHA1
// oauth_timestamp=12345678
// oauth_version=1.0
// ----------------------------------------
myHTTPService = new HTTPService();
myHTTPService.url = "http://platform.fatsecret.com/rest/
server.api";
myHTTPService.method = "POST";
myHTTPService.addEventListener("result", resultHandler);
myHTTPService.addEventListener("fault", faultHandler) ;

// CONCATENATE & ENCODE
var sendS1:String = ('POST & ');
var sendS1b:String= encodeURIComponent('http://
platform.fatsecret.com/rest/server.api');
var sendS1c:String= (' & ');
var sendS2:String = escape('oauth_consumer_key=' + consKey + '&'+
'oauth_nonce=' + nonce +
'oauth_signature_method=HMAC-SHA1&'+
'oauth_timestamp='+ d2toint + '&' +
'oauth_version=1.0'
);

// ----------------------------------------
// SIGNATURE BASE STRING
// ----------------------------------------
signatureBase = (sendS1 + sendS1b + sendS1c + sendS2);

trace(signatureBase);
/*
EXAMPLE:
POST & http%3A%2F%2Fplatform.fatsecret.com%2Frest%2Fserver.api & a
%3Dbar%26%26oauth_consumer_key%3Ddemo%26oauth_nonce%3Dabc
%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
%3D12345678%26oauth_version%3D1.0%26z%3Dbar
MINE:
POST & http%3A%2F%2Fplatform.fatsecret.com%2Frest%2Fserver.api &
oauth_consumer_key%3D**my consumer_key hidden for forum posting*
%26oauth_nonce%3Dabc%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1308877181282000%26oauth_version%3D1.0
*/

// ----------------------------------------
// ----------------------------------------
// 2. CALCULATE SIGNATURE VALUE
// - key ('KEY') = the concatenated values of the Consumer Secret
and Access Secret separated by an '&'
// - data ('TEXT') = SIG BASE STRING
// - encryption

// com.adobe.crypto.HMAC
// + hash(string, string, obj)
// + hashBytes(byteArray, byteArray, obj)
// ----------------------------------------
algorithm = SHA1;
encryptedString = HMAC.hash(consKey,signatureBase,algorithm);

// ----------------------------------------
// ----------------------------------------
// 3. SEND REQUEST
// ----------------------------------------
myHTTPService.send(encryptedString);

// ----------------------------------------
// ----------------------------------------
// 4. SEE Next function below - resultHandler
// ----------------------------------------


// HELP ASDOCS http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/mx/rpc/http/mxml/HTTPService.html


}

public function resultHandler(event:ResultEvent): void {
trace("resultHandler invoked");
var result:Object = event.result;

var j:String =result.uid as String;
trace(result.uid as String);
trace(j);

Alert.show('200! \nHTTP Service GUID:\n ' + j);
}

[John]

Hi Matt,

It looks like you are not doing step 3 properly which is sending the
request.

The API documentation states:

"Send all the parameters used to generate the Signature Base String
via the HTTP method specified in the Signature Base String, with the
inclusion of the oauth_signature."

Since you have specified that you are using POST then you need to post
all the parameters from step 1 in your request, these being:

oauth_consumer_key
oauth_nonce
oauth_signature_method
oauth_timestamp
oauth_version

PLUS additionally you need to post oauth_signature with its value
being what you calculated in step 2

All the best

John
The FatSecret Platform Team

>                                 // HELP ASDOCShttp://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/mx...

[Matt M]

Thanks, John.
I appreciate your response. I'm trying to step thru and get ea step
right.

I used placeholder text in my code I posted of my consumer key
(naturally for security), but I have it in my code.

So stepping thru your response & my code,

1. "..step 3 is incorrect because.."

2. "..you need to post all the parameters from step 1 in your request"
- oauth_consumer_key
- oauth_nonce
- oauth_signature_method
- oauth_timestamp
- oauth_version

3. "..you need to post oauth_signature with its value being what you
calculated in step 2"

I'm still stuck on (the #1), but I've verified #2 & #3 as follows.
------
#2 - [MY FIRST POSTED CODE - STEP 1] I have all the parameters above
and indeed have 'POST' in this string (key value has the real key in
my code)
2.1 My variable is called 'signatureBase' and has the value:
--- POST & http%3A%2F%2Fplatform.fatsecret.com%2Frest%2Fserver.api &

oauth_consumer_key%3D**my consumer_key hidden for forum posting*
%26oauth_nonce%3Dabc%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1308877181282000%26oauth_version%3D1.0

#3 - [MY FIRST POSTED CODE - STEP 2]
3.1 I encrypt the above-calculated 'signatureBase' and store to
'encryptedString' , (this is oauth_signature)
3.2 My RPC HTTPService method is POST
--- 'myHTTPService.method = "POST"; '

I'm doing: ".. post oauth_signature with its value being what you
calculated in step 2 "

And I call FatSecret's API here:
myHTTPService.send(encryptedString);

I even tried to append POST to the encrypted string, even though
HTTPService object's method 'POST' determines that...
myHTTPService.send('POST ' + encryptedString);

Both return:

"Missing required oauth parameter: oauth_signature_method"

It seems to me I'm checking every single step except the last one, and
then it's failing. Sorry, I'm not seeing my error.

You have any other thoughts / suggestions?

[John]

As far as I can see you are passing the encryptedString to a function
myHTTPService.send(string) which is not a FatSecret API call that I am
aware of.

Normally a HTTP request requires you to build up a URL with parameters
and either specify whether you are using the GET or POST method so on
our end we know how to digest your request.

Judging from the error message you are receiving (i.e. "Missing
required oauth parameter: oauth_signature_method"), it indicates that
the request you have sent through is incorrectly POSTing the
oauth_signature_method parameter. What I think is happening though is
that you are not sending any parameters correctly.

My suggestion is to look up examples of how to send a HTTP request in
the language you are programming in. We have examples for how this is
done for Java, C#.NET and PHP in the libraries which can be found
here: http://platform.fatsecret.com/api/Default.aspx?screen=res

> ...
>
> read more »

[John]

Hi Matt -- Posting your message to the thread as per your request (you
did hit reply to author)


Again, thank you for taking time to look thru this.

I found out thru http packet sniffing that ( I'm using Flex - I'm
using the HTTPService (RPC) component with the "POST" method) my
object that Requests the URL has a header that still shows "GET". I've
been thru 2 days of research & can't figure it out - so I suppose the
method is part of the problem.

Do you have any contacts / technical resources plugged in to Flex who
can help? I actually started this months ago trying to manually port
your example library PHP solution to coldfusion (my server technology)
- I didn't finish porting the example b/c I can't make basic
authentication work yet.

I know from Len (in sales) you have client(s) who have implemented
Flex w/ FatSecret API & all of the community docs I'm finding re::
HTTP Post are not solving this for me.

Would that error (missing oauth_signature_method) occur if I was
Requesting URL with "GET" instead of "POST"? Or would another error
happen? I ask because, in my research I found that Flex doesn't
correctly report Header results when it has a return code 200, (what
I'm getting, which is status code for "OK" request) - so I may
following wrong solution and 1 working version would get me out of
this cycle of frustration.

As for me building the correct params, here's what I have built - and
checked it w/ FS API a dozen times, looks OK (this is encoded). You
should see it has all the parameters & the FatSecret reported "missing
parameter oauth_signature_method":

POST & http%3A%2F%2Fplatform.fatsecret.com%2Frest%2Fserver.api &
oauth_consumer_key%3D**my consumer_key hidden for forum posting*
%26oauth_nonce%3Dabc%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1308877181282000%26oauth_version%3D1.0

Thanks for any help,
Matt

> ...
>
> read more »

[Matt M]

Thanks for posting that, John. After I sent this one you posted, I
posted another, but I don't see it here - perhaps it went to you
directly.

I've actually got 'post' correctly posting & I'm verifying thru HTTP
proxy I have all the requisite 'params', at least no more 'missing'
errors.

I'm at the point where I get the error that signature is unrecognized,
code 8, I think.

Are my steps incorrect? I'm close but missing something. I almost have
the api steps memorized and to me I have it 100% right, but I am still
getting the error.

1. create signature base string
-- by concat HTTP 'POST' & request url & params

2. create oauth_signature
-- by part 1 'KEY': oauth_consumer_key '&' oauth_shared_key (both
provided to me by FatSecret)
-- part 2 'TEXT' uriEncoding signature base string (#1 above)
-- part 3 encrypting (part 1 KEY, part 2 TEXT), resulting in the
'oauth_signature'

3. send HTTP request as key:value paris (signature base string '&'
oauth_signature) to fatsecret

[Matt M]

I've actually got 'post' correctly posting & I'm verifying thru HTTP
proxy I have all the requisite 'params', at least no more 'missing'
errors.

I'm at the point where I get the error that signature is
unrecognized,
code 8, I think.

Are my steps incorrect? I'm close but missing something. I almost
have
the api steps memorized and to me I have it 100% right, but I am
still
getting the error.

1. create signature base string
-- by concat HTTP 'POST' & request url & params
2. create oauth_signature
-- by part 1 'KEY': oauth_consumer_key '&' oauth_shared_key (both
provided to me by FatSecret)
-- part 2 'TEXT' uriEncoding signature base string (#1 above)
-- part 3 encrypting (part 1 KEY, part 2 TEXT), resulting in the
'oauth_signature'
3. send HTTP request as key:value paris (signature base string '&'
oauth_signature) to fatsecret