tags:

views:

547

answers:

6
+1  Q: 

Invalid OAuth Signature returned while using Yammer Api

I am trying to write a small webapp that pulls data from Yammer. I have to go through Yammer's OAuth bridge to access their data. I tried using the Oauth php library and do the 3 way handshake. But at the last step, I get an error stating I have an invalid OAuth Signature.

Here are the series of steps:

  1. The first part involves getting the request Token URL and these are the query parameters that I pass.

        [oauth_version] => 1.0
    [oauth_nonce] => 4e495b6a5864f5a0a51fecbca9bf3c4b
    [oauth_timestamp] => 1256105827
    [oauth_consumer_key] => my_consumer_key
    [oauth_signature_method] => HMAC-SHA1
    [oauth_signature] => FML2eacPNH6HIGxJXnhwQUHPeOY=

  2. Once this step is complete, I get the request Token as follows:

    [oauth_token] => 6aMcbRK5wMqHgZQsdfsd [oauth_token_secret] => ro8AJxZ67sUDoiOTk8sl4V3js0uyof1uPJVB14asdfs [oauth_callback_confirmed] => true

  3. I then try to authorize the given token and token secret by passing the parameters to the authorize url.It takes me to Yammer's authentication page where I have allow my app to talk to Yammer.

  4. Yammer then gives me a 4 digit code that I have to put back into my application which then tries to acquire the permanent access token. I pass the following information to the access token URL:

        [oauth_version] => 1.0
    [oauth_nonce] => 52b22495ecd9eba277c1ce6b97b00fdc
    [oauth_timestamp] => 1256106815
    [oauth_consumer_key] => myconsumerkey
    [callback_token] => 61A7
    [oauth_token] => 6aMcbRK5wMqHgZQsdfsd
    [oauth_token_secret] => ro8AJxZ67sUDoiOTk8sl4V3js0uyof1uPJVB14asdfs
    [oauth_callback_confirmed] => true
    [oauth_signature_method] => HMAC-SHA1
    [oauth_signature] => V9YcMDq2rP7OiZTK1k5kb/otMzA=

  5. Here I am supposed to receive the Oauth Permanent access token, but instead I get a Invalid Oauth signature. I dont know what I am doing wrong. I use the same signaures to sign the request. Should I sign the request using the new token and secret? I tried that as well but to no avail. I even tried implementing this in java using signpost library and got stuck at the exact same place. Help Help!!

A: 

yes me too facing the same problem...

Darshana  2009-11-06 06:44:45
A: 

The callback_token was something Yammer introduced in response to an OAuth security advisory earlier this year. When OAuth 1.0a was released, it was instead named oauth_verifier. However, it's not unlikely that Yammer still supports their workaround but rename it and try again to be sure.

Also, the below is information from the Yammer Development Network yesterday:

Tomorrow we will be releasing some changes to the Yammer API to facilitate user network switching on API clients. Most of the change is in the OAuth Access Tokens call which allows you to generate pre-authorized OAuth access tokens for a given user. One token will be generated for each network they are in and your clients switch networks by sending an API request signed with the appropriate token for that network.

I'm assuming that Yammer OAuth libraries might need to be updated per this change. I haven't taken a look at it yet.

Edit: My python-yammer-oauth library still works despite Yammer having changed things on their side.

Edit2: Could you try using signature method PLAINTEXT instead of HMAC-SHA1? I've had problems with Yammer and HMAC-SHA1.

lemonad  2009-11-06 06:57:26
A: 

Thanks Lemonad for your reply..

I tried your solution by adding oauth_verifier in my above request query.. but still it gives me the Invalid OAuth signature result.

I don't know why is so..

Do you have any other idea that I can try it out.

Darshana  2009-11-06 09:54:05
I've updated my reply with another suggestion that I think might help!
lemonad  2009-11-06 10:21:03
A: 

I tried by using PLAINTEXT.. but for this method its giving me the same "Invalid OAuth signature" error even for requesting the token.

So is it possible to generate the access token we use HMAC-SHA1 and for accessing the actual API method i.e. for posting the message.. we use PLAINTEXT?

Darshana  2009-11-09 08:53:38
A: 

I'm having this problem with Yammer/Oauth as well - I'm stuck at the same place as the last comment from Darshana (using PLAINTEXT, get an Invalid Oauth signature error when requesting the token...)

Did you find a way around this?

Johan  2010-08-09 21:59:53
Sorry Johan. I didn't get around this problem. Wrote to the Yammer guys as well but didn't receive any replies.
Ritesh M Nayak  2010-08-10 06:58:07
A: 

Hi Ritesh, just found the problem!

I had forgotten to add an ampersand ("&") at the end of CONSUMER_SECRET. Perhaps this is your issue as well?

Johan  2010-08-10 10:49:26

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases