Can you send the list of keys included in authorization header your consumer is
sending?
If the header includes xoauth_* or some other keys used for OAuth extentions,
it might cause the signature verification failure.
These keys should not be included in the header.
Some library use these as signature base string (at least Python & Perl).
PHP and Ruby library doesn't use these keys as signature base string.
On 2009/12/02, at 18:40, File4Share wrote:
> I really get angry with oAuth that took my 2 days to understand what
> is going on.
>
> Just look at this.
> When i try to generate a signature via term.ie with my generated
> signature i am succedd to connect google to get request token
> but with my asp.net application what ever i tried i could not connect
> to it. Then i made line by line debugging for php and .Net and i see
> that
>
> return base64_encode(hash_hmac('sha1', $base_string, $key, true));
> this function generates a different result then
>
> Private Function ComputeHash(ByVal hashAlgorithm As HashAlgorithm,
> ByVal data As String) As String
>
> i looked deeply to each variable
> echo "<script>alert('" . $base_string . "')</script>";
> echo "<script>alert('" . $key . "')</script>";
> echo "<script>alert('" . base64_encode(hash_hmac('sha1', $base_string,
> $key, true)) . "')</script>";
> they are all the same with asp.net 's created signature base and
> keys :
> hmacsha1.Key = Encoding.ASCII.GetBytes(String.Format("{0}&{1}",
> UrlEncode(consumerSecret), If(String.IsNullOrEmpty(tokenSecret), "",
> UrlEncode(tokenSecret))))
>
>
> but the result is completely different and twitter,linkedIn and other
> social networks are accepting the resulted signature but google
> not ... Google preder to get the result of : base64_encode(hash_hmac
> ('sha1', $base_string, $key, true));
> while google.gdata.client.outhbase is different then this and same
> with my resulted signatue
>
>
> and please help me to find a way to write a function which gets the
> same result with this php function.....
>
> --
>
> You received this message because you are subscribed to the Google Groups
> "OAuth" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/oauth?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
