General Questions/Comments

Re: Invalid Digital Signature

rondata — Sun, 07 Jun 2009 15:17:07 GMT

Which language?

Re: Invalid Digital Signature

Sivamurugan — Wed, 03 Jun 2009 07:05:33 GMT

my secret keyt: is

57a0ef1eb3484e218bd2972da55ea14f

my consumer key: http://www.myspace.com/sivap

Re: Invalid Digital Signature

Sivamurugan — Wed, 03 Jun 2009 07:03:57 GMT

Hi ALL

I still facing the problem

Invalid digital signature for base string: "GET&http%3A%2F%2Fapi.myspace.com%2Fv1%2Fusers%2F478417543%2Ffriends.xml&oauth_consumer_key%3DC50CF2B2-B4E3-420a-9839-7966192982A1%26oauth_nonce%3D633796088385795185%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1244012039%26oauth_version%3D1.0"

Please assist me.Thanks in advance.

Re: Invalid Digital Signature

Oleg — Wed, 07 Jan 2009 15:37:58 GMT

Hi, thank you for interesting it that matter. Fortunately, i've solved it somehow :-). Now it works fine. I don't know if it's bug or not. Just a minute i shall describe later. I guess it seems like double encoding. So, the consumer key should be in form of http://myapaces.com/vvvvvv and when i "urlencode", i got the following: http%3A%2F%2Fmyspace.com%2Fvvvvv. The authontification is failed with the error 401. But, and it's quite fascinating, if pass the consumer key like this: http%3A%2F%2Fmyspace.com%2Fvvvvv, and after, urlencode, the server accepts it. Amazing, isn't it?!

By the way, i write on the Java.

Any comments/suggestions would be appreciated.

Cheers, Oleg.

Re: Invalid Digital Signature

rondata — Tue, 06 Jan 2009 18:26:11 GMT

Oleg are you still having this problem?

Oleg:
Hello, experts!
This topic is very popular, and i'm also trying to solve 401 (invalid dig. signature) still second day. I'm blank and ask you if you could help me somewhat.
So,
the URL is:
http://api.myspace.com/v1/users/440332656?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F440555278&oauth_nonce=7410411398079278968&oauth_signature=3KzTHZ2obKKUzTvtUiRz6VU8QN0%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230630722&oauth_version=1.0
the Base String:
GET&http%3A%2F%2Fapi.myspace.com%2Fv1%2Fusers%2F440332656&oauth_consumer_key%3Dhttp%3A%2F%2Fwww.myspace.com%2F440555278%26oauth_nonce%3D7410411398079278968%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1230630722%26oauth_version%3D1.0
the signature is:
3KzTHZ2obKKUzTvtUiRz6VU8QN0=
Consumer secret: a534fc1c65ce4c2aa429e08a26d32421
Something wrong is there, but i cannot to find it :-(
I would appreciate any kind of help.
Thanks in advance, Oleg.

Re: Invalid Digital Signature

Vaughan — Mon, 05 Jan 2009 18:16:57 GMT

I'm using Perl... can someone please tell me how to construct oauth_nonce??

and is it just the timestamp and nonce I need to dynamically change for a given app?

Also, I've been using the Oauth testing tool for this yet when I copy and paste the resulting URI into a new tab, it comes back with rogue request - is that supposed to happen or am i missing something? I know the request is valid, because if I hard code it in my program it works... until the key expires anyway. So since I've got the timestamp ok, the only other thing I think it could be is nonce, and I'm not clear on how to construct that value.

Thanks,

Vaughan

Re: Invalid Digital Signature

Oleg — Tue, 30 Dec 2008 10:02:03 GMT

Hello, experts!

This topic is very popular, and i'm also trying to solve 401 (invalid dig. signature) still second day. I'm blank and ask you if you could help me somewhat.

So,

the URL is:

http://api.myspace.com/v1/users/440332656?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F440555278&oauth_nonce=7410411398079278968&oauth_signature=3KzTHZ2obKKUzTvtUiRz6VU8QN0%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230630722&oauth_version=1.0

the Base String:

GET&http%3A%2F%2Fapi.myspace.com%2Fv1%2Fusers%2F440332656&oauth_consumer_key%3Dhttp%3A%2F%2Fwww.myspace.com%2F440555278%26oauth_nonce%3D7410411398079278968%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1230630722%26oauth_version%3D1.0

the signature is:

3KzTHZ2obKKUzTvtUiRz6VU8QN0=

Consumer secret: a534fc1c65ce4c2aa429e08a26d32421

Something wrong is there, but i cannot to find it :-(

I would appreciate any kind of help.

Thanks in advance, Oleg.

Re: Invalid Digital Signature

Nemesh — Fri, 14 Nov 2008 09:40:16 GMT

Hi can you please give C# code for this as i am stuck in the middle it would be a great help if you provide C# code to validate the signed request

Re: Invalid Digital Signature

Joseph — Fri, 08 Feb 2008 23:00:42 GMT

In my experience *grin* it's always the initial sign in process that's the hardest. Once you have that solved... it's cake to integrate all of the other methods. It's like building blocks, just need a good foundation.

Thanks for your help. I'm sure we will be finding more good stuff.

Joseph

Re: Invalid Digital Signature

Jonathan — Fri, 08 Feb 2008 22:06:28 GMT

Hey Joseph,

Congrats on getting it working!

Hopefully the rest of the app dev process will be easier ;-) (it can't be any harder... can it?!)

Jonathan

Re: Invalid Digital Signature

Jonathan — Fri, 08 Feb 2008 21:58:17 GMT

Sorry, i can't see it now either... i must have looked at the wrong versions of output (i ran several tests)

I re-ran your data and dumped the signature, which was: 87VYQDuLUvX2D+P1yZJy/+VmVlE= (base 64 encoded)

After urlencoding the signature becomes: 87VYQDuLUvX2D%2BP1yZJy%2F%2BVmVlE%3D

Given that the base strings are the same (they are, i checked again), it looks like your problem is in either the key or the HMAC-SHA1 call.

You're not UTF8 encoding the key or the basestring prior to the HMAC-SHA1 call are you? (this caused me some grief).

The key should be constructed as: URLEncode("Security Key") + '&'

Sorry about the mislead, hope the above helps. Good luck!

Jonathan

Re: Invalid Digital Signature

Joseph — Fri, 08 Feb 2008 21:57:18 GMT

Nevermind... I'm sure that all the other things were necessary because the OAuthBase.cs example file from www.oauth.net had a few things in it that didn't match up to the MySpace spec.

However I realized this is the line that was the culprit:

Correct (how it is now)HMACSHA1 hmacsha1 = new HMACSHA1();
hmacsha1.Key = Encoding.UTF8.GetBytes(consumerSecret + "&");

VS

INCORRECT (how it was)

HMACSHA1 hmacsha1 = new HMACSHA1();
hmacsha1.Key = Encoding.UTF8.GetBytes(UrlEncode(consumerSecret + "&"));

Thanks again for all the help Jonathan and Rajiv.

Great suggestion Jonathan on the OAuth tool... that will more than likely help the next group of developers that come through.

Thanks!
Joseph

Re: Invalid Digital Signature

Joseph — Fri, 08 Feb 2008 21:36:29 GMT

321144008:

The nonce field value is different than yours (which would cause the signature to be different), you seem to have an extra '3D' right after the equal sign in the nonce data (which could point to a url encoding problem, either at the key=value level or when you are url encoding the entire parameter string).

I'm sorry man I must be missing where you are pointing out the extra 3D. Where is it that I have the extra 3D... if our base strings match wouldn't it have to be in the hashing routine somewhere that the issue exists?

Thanks again!

Joseph

Re: Invalid Digital Signature

Jonathan — Fri, 08 Feb 2008 19:11:58 GMT

I ran your info through my code and got the following:

BaseString:

GET&http%3A%2F%2Fapi.msappspace.com%2Fv1%2Fusers%2F30344243.xml&oauth_consumer_key%3Dhttp%253A%252F%252Fwww.myspace.com%252F329303884%26oauth_nonce%3D0e53f0eb-68dc-44ce-b184-377846bb9519%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1202493637%26oauth_token%3D%26oauth_version%3D1.0

Which matches your base string exactly!

URI:

http://api.msappspace.com/v1/users/30344243.xml?oauth_nonce=0e53f0eb-68dc-44ce-b184-377846bb9519&oauth_timestamp=1202493637&oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329303884&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=&oauth_signature=87VYQDuLUvX2D%2BP1yZJy%2F%2BVmVlE%3D

The nonce field value is different than yours (which would cause the signature to be different), you seem to have an extra '3D' right after the equal sign in the nonce data (which could point to a url encoding problem, either at the key=value level or when you are url encoding the entire parameter string).

webphreak:
Rajiv can you provide the code for the OAuth Testing Tool.. it is written in .NET correct? That example would help me alot if I could see the code of how it's generating everything.

I have suggested some changes to the OAuth Tool which would make life a bit easier for developers (without having to grope thru myspace code), posted here: http://developer.myspace.com/Community/forums/t/212.aspx

Jonathan

Re: Invalid Digital Signature

Joseph — Fri, 08 Feb 2008 18:27:45 GMT

So I have followed all of those things and it's still not properly generating the signature. There must be something I am still missing... what do you guys get for the signature with the following values?

Base String

GET&http%3A%2F%2Fapi.msappspace.com%2Fv1%2Fusers%2F30344243.xml&oauth_consumer_key%3Dhttp%253A%252F%252Fwww.myspace.com%252F329303884%26oauth_nonce%3D0e53f0eb-68dc-44ce-b184-377846bb9519%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1202493637%26oauth_token%3D%26oauth_version%3D1.0

Consumer Secret
0a8102bd0e3c424ba3eef5ef1e43cd96

Signature
x+PKDk/4ucrW8sqQ7E65uI8gFpk=

url encoded
x%2BPKDk%2F4ucrW8sqQ7E65uI8gFpk%3D

Final URL
http://api.msappspace.com/v1/users/30344243.xml?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329303884&oauth_nonce=0e53f0eb-68dc-44ce-b184-377846bb9519&oauth_signature=x%2BPKDk%2F4ucrW8sqQ7E65uI8gFpk%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202493637&oauth_token=&oauth_version=1.0

Thank you for all the help so far. It just doesn't seem like a very easy task to accomplish on the .NET framework for some odd reason.

Rajiv can you provide the code for the OAuth Testing Tool.. it is written in .NET correct? That example would help me alot if I could see the code of how it's generating everything.

Thanks!
Joseph