Oauth signature_invalid



Aug 18, 2010, 11:21:30 PM
to OAuth PHP
I can't wrap my brain around why this isn't working... I really think it
should be. Please help.

I'm trying to use OAuth to connect to Google Accounts for use in an

Here is the error I get:

signature_invalid base_string:GET&https%3A%2F%2Fwww.google.com
%CONSUMER KEY HERE%26oauth_nonce

Here is my code:

$consumer = ''; // Would be consumer key
$secret = ''; // Would be secret
$callback = ''; // Would be callback URL

$mt = microtime();
$rand = mt_rand();
$nonce = md5($mt . $rand);
$time = time();

$url = 'https://www.google.com/accounts/OAuthGetRequestToken';
$path = '/accounts/OAuthGetRequestToken';

$scope = 'https://www.googleapis.com/auth/latitude';

$post = array(
    'oauth_callback' => $callback,
    'oauth_consumer_key' => $consumer,
    'oauth_nonce' => $nonce,
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp' => $time,
    'oauth_version' => '1.0'
);

$post_string = '';
foreach($post as $key => $value)
    $post_string .= $key.'='.urlencode($value).'&';
$post_string = rtrim($post_string, '&');

$key_parts = array($consumer, $secret);

$key_parts = array_map('urlencode', $key_parts);
$key = implode('&', $key_parts);

$base_string = 'GET&'.urlencode($scope).'&'.$post_string;
// the archived post cuts this call off after $key; raw binary output (true) is assumed
$signature = base64_encode(hash_hmac('sha1', $base_string, $key, true));
$post['oauth_signature'] = $signature;
$header_string = '';
foreach($post as $key => $value)
    $header_string .= $key.'="'.urlencode($value).'", ';
$header_string = trim($header_string);
$header_string = rtrim($header_string, ',');

$header[] = 'GET '.$path.'?scope='.urlencode($scope).' HTTP/1.1';
$header[] = 'Host: www.google.com';
$header[] = 'Accept: */*';
//$header[] = 'Content-Type: application/x-www-form-urlencoded';
$header[] = 'Authorization: OAuth '.$header_string;
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_URL, $url.'?scope='.$scope);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);

Morten Fangel

Aug 19, 2010, 3:51:19 PM
to oaut...@googlegroups.com
Hi Marcus

Don't reinvent the wheel. Use one of the many existing php libraries for generating valid OAuth requests.

Your mistake is likely to be in missing sorting, wrong encoding, or other similar issues - all of which are dealt with correctly in one of the many (good) libraries.

Here would be the equiv. code to perform the request using the PHP library hosted at oauth.net:

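require 'OAuth.php';

// setup consumer and callback
$consumer = new OAuthConsumer('consumer-key', 'consumer-secret');
$callback = 'http://your-callback.com/callback';

// setup the request
// (the arguments to from_consumer_and_token() are cut off in the archived message;
// the URL and scope used here are the ones from the original post)
$req = OAuthRequest::from_consumer_and_token(
    $consumer,
    null,
    'GET',
    'https://www.google.com/accounts/OAuthGetRequestToken',
    array('scope' => 'https://www.googleapis.com/auth/latitude')
);
$req->set_parameter('oauth_callback', $callback);
$req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, null);

// perform the request
$curl = curl_init();
$params = $req->get_parameters();
foreach( array_keys($params) AS $i )
    if( substr($i, 0, 6) == 'oauth_' )
        unset($params[$i]); // loop body missing from the archive; assumed: oauth_* values go in the header, not the query

$url = $req->get_normalized_http_url() . '?' . http_build_query($params);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
    $req->to_header() // array contents missing from the archive; assumed
));

$response = curl_exec($curl);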


(I just wrote / adjusted existing code in my email-app, so no guarantees it'll work. But you'll get the idea..)

The other libraries (like oauth-php, the pecl-extension etc) will have similar functionality. So please use a library instead of trying to reinvent the wheel. It should save you a lot of trouble.
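
The signing steps the reply names (parameter sorting and percent-encoding), written out by hand for the request-token call from the first post. This is an added example, not code from either poster or from the oauth.net library; the consumer key, secret, callback, nonce and timestamp are constructed values, and the helper function names are hypothetical.

```php
<?php
// Added example (not from the thread). Credentials, nonce and timestamp are constructed.

// RFC 3986 percent-encoding, as OAuth 1.0 requires: space => %20, "~" stays literal.
function oauth_encode($value) {
    return str_replace('%7E', '~', rawurlencode((string) $value));
}

// Base string: METHOD & enc(URL without query) & enc(normalized parameter string).
// $params must hold every oauth_* value AND every query parameter (here: scope).
function oauth_base_string($method, $url, array $params) {
    $pairs = array();
    foreach ($params as $name => $value) {
        $pairs[] = array(oauth_encode($name), oauth_encode($value));
    }
    // Sort by encoded name, then encoded value, in byte order.
    usort($pairs, function ($a, $b) {
        return strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]);
    });
    $joined = array();
    foreach ($pairs as $pair) {
        $joined[] = $pair[0] . '=' . $pair[1];
    }
    return strtoupper($method) . '&' . oauth_encode($url) . '&' . oauth_encode(implode('&', $joined));
}

// HMAC key: enc(consumer secret) & enc(token secret); the token secret is empty
// when asking for a request token. The consumer key is not part of the HMAC key.
function oauth_sign_hmac_sha1($base_string, $consumer_secret, $token_secret = '') {
    $key = oauth_encode($consumer_secret) . '&' . oauth_encode($token_secret);
    return base64_encode(hash_hmac('sha1', $base_string, $key, true));
}

$url = 'https://www.google.com/accounts/OAuthGetRequestToken';
$params = array(
    'scope'                  => 'https://www.googleapis.com/auth/latitude',
    'oauth_version'          => '1.0',
    'oauth_timestamp'        => '1282173690',               // constructed
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_nonce'            => '0123456789abcdef',          // constructed
    'oauth_consumer_key'     => 'consumer.example.com',      // constructed
    'oauth_callback'         => 'http://example.com/cb?x=1', // constructed
);
$base = oauth_base_string('GET', $url, $params);
$params['oauth_signature'] = oauth_sign_hmac_sha1($base, 'constructed-secret');

echo $base, "\n", 'oauth_signature=', oauth_encode($params['oauth_signature']), "\n";
```

In the printed base string the callback and scope values appear percent-encoded twice (once as parameter values, once when the joined parameter string is encoded as a whole), which is the expected form.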


