getting E900 - invalid oauth signature / consumer key


Blakomen

Nov 14, 2010, 5:34:56 AM
to Powershop Developers
Hey guys, I'm working on a Powershop power meter app for Windows Phone
7, and I'm having troubles requesting the request key - I keep getting
a 400 response with E900 from both the test and live servers.

I've triple checked my consumer key and secret, and it is identical to
the one I got in my initial email, so does that mean that the problem
is with the signature being generated by the HMAC-SHA1 encryption?

The Authorization header I am providing to
http://suppliertest.youdo.co.nz/external_api/request_token looks as
below:

{Authorization: OAuth oauth_timestamp="1289729378",oauth_nonce="QVwccVmT0WcHTuSE8",oauth_version="1.0",oauth_signature_method="HMAC-SHA1",oauth_consumer_key="myconsumerkey",oauth_signature="TaFpbrJFRYUnodCdXigR2vfbXsE%3D",oauth_callback="oob"}

I can also provide my source code if anyone is interested in having a
look - any ideas or suggestions as to what to look into next to get
the request token would be greatly appreciated.

Thanks,

Henry

Chris Smith

Nov 14, 2010, 3:29:11 PM
to Powershop Developers
Hi Blakomen,

I'm working on the android client and I spent a lot of time wrestling with OAuth.

Something that jumps out at me is this:

oauth_callback="oob"

With my Android app, I had to specify a junk URL there (something like powershop://callback) and registered my application within the Android system to be the handler for that URL - therefore I could capture what was returned by powershop.

Now, IIRC, Powershop doesn't allow out-of-band callbacks and requires the user to directly interface with their site during the login phase (instead of the "oob" pin number method). Not sure of the best way to configure that with WP7, but it might be worth checking out sources for how to handle non-oob logins.

Cheers,
Chris.


--
You received this message because you are subscribed to the Google Groups "Powershop Developers" group.
To post to this group, send email to powershop-...@googlegroups.com.
To unsubscribe from this group, send email to powershop-develo...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/powershop-developers?hl=en.


Roger Nesbitt

Nov 14, 2010, 4:12:20 PM
to Powershop Developers
You'll get a reasonably unfriendly page with the oauth verifier code if you specify 'oob'. We decided against going for the PIN approach for now, preferring that API implementors use a registered scheme to get the information back into the app like you have, Chris.

Henry, nothing you're doing jumps out as wrong, so it's likely that it's just that the wrong data is being signed. One thing to check is that you're putting your request variables on the URL for GET requests, and putting them in the body of the request for POST requests. If you're still having no luck, feel free to send through your code to my address.

Cheers
Roger
API developer
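
The "wrong data is being signed" case, as an added example that is not part of the original thread and is not Powershop's code: an OAuth 1.0 HMAC-SHA1 signer following RFC 5849, showing that the HTTP method and every parameter, `oauth_callback` included, feed the signature. The `oauth_*` values come from the header in the first post; the consumer secret is a constructed placeholder and the function names are illustrative.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit


def pct(value):
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(value, safe="-._~")


def base_string(method, url, params):
    """Signature base string: METHOD & encoded base URL & encoded sorted params."""
    parts = urlsplit(url)  # assumes the URL carries no explicit default port
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Every oauth_*, query and form parameter is signed; oauth_signature is not.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; token secret is empty for request_token."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    digest = hmac.new(key, text, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify(method, url, params, consumer_secret, presented):
    """Server-side check: recompute the signature and compare in constant time."""
    return hmac.compare_digest(sign(method, url, params, consumer_secret), presented)


URL = "http://suppliertest.youdo.co.nz/external_api/request_token"
SECRET = "constructed-secret"  # constructed placeholder, not a real credential
PARAMS = {  # values copied from the Authorization header in the first post
    "oauth_timestamp": "1289729378",
    "oauth_nonce": "QVwccVmT0WcHTuSE8",
    "oauth_version": "1.0",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_consumer_key": "myconsumerkey",
    "oauth_callback": "oob",
}

if __name__ == "__main__":
    for verb in ("GET", "POST"):  # same parameters, different signature per verb
        print(verb, sign(verb, URL, PARAMS, SECRET))
```

Printing `base_string(...)` on the client and comparing it character by character with what the server would build is the quickest way to find which element differs.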

Blakomen

Nov 14, 2010, 5:42:29 PM
to Powershop Developers
Thanks for the response guys,

As far as I could tell from my research over the weekend, Windows Phone 7
doesn't (yet) have any way in which developers can register custom URL
scheme handlers (e.g. x-powershop://), so now that I think about it -
I'm not entirely sure how else I'd be able to wire up the OAuth
without using a WebBrowser control... maybe it's a lost cause for now
then :(

In any case, I'll triple check how the OAuth library I borrowed from a
TradeMe project is constructing the token request, and I'll upload the
project / code to a shared location sometime this evening after work.

Thanks again,

Henry


Blakomen

Nov 15, 2010, 7:15:03 AM
to Powershop Developers
Haven't been able to get it working yet after spending a few hours
tonight - at one stage I did manage to get a 500 instead of invalid
oauth signature, but that was probably still generating everything
wrong.

I've uploaded my project here: http://rapidshare.com/files/430984053/Powermeter.zip
- if you want to open the entire project you will probably need to
download the Windows Phone developer tools - the files to look at are
OAuth.Workflow.cs (the GetRequestToken, GetOAuthParameters and build
OAuthWebRequest methods)

I've had a good look through everything and read up on the entire signing
workflow, and I'm pretty sure I'm doing it properly, but it's hard to
tell for certain as the API doesn't explicitly state which algorithm
should be used (though I am guessing HMAC-SHA1)

I should have known it wasn't going to be anywhere near as easy as copying
my OAuth code from an existing TradeMe application!

-Henry