Sorry about triple post... i think the forum software is going crazy...

Yeah I basically am doing a straight redirect after I get the signature and I do URLencode the signature, obviously because the base64 string sometimes has /'s and other characters that need encoding.

Response.Redirect("http://api.msappspace.com/v1/users/30344243.xml?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329303884&oauth_nonce=" + nonce + "&oauth_signature=" + Server.UrlEncode(str1) + "&oauth_signature_method=HMAC-SHA1&oauth_timestamp=" + timestamp + "&oauth_token=&oauth_version=1.0");

I'm still trying compare the differences but without the backend code of the OAuth test tool I don't think I will find out what's going on. I might try changing the nonce to be a guid like they have it.

Joseph

I am going to take apart the PHP Client Library, line-by-line (tomorrow, too late to start tonite), to see how it builds the digital signature and URL. If i find anything interesting I'll post it.

Jonathan

 Guys I'm just curious - what is the HTTPStatus Description

401 could be

 1) Invalid Digital signature( which might have been passed)

 2) if the user has not installed the application against which you're trying to query 

i tried

REQUEST: http://api.msappspace.com/v1/users/30344243.xml?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329303884&oauth_nonce=025a1395-c3e0-44c1-b35e-d5dd18ae35a9&oauth_signature=7EkU18A4Yk%2FiwVVG%2B6hx8YoPJoM%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202436288&oauth_token=&oauth_version=1.0 

RESPONSE:

<error xmlns="api-v1.myspace.com"><statuscode>401</statuscode><message>User has not installed the current application.</message></error> 

Try this one.

Auth Tool
http://api.msappspace.com/v1/users/30344243.xml?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329303884&oauth_nonce=a3268cd3-84b7-4c5e-8ad1-10af968a36b6&oauth_signature=zCidkD3n3EulkLETaheaMfdHK4k%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202441227&oauth_token=&oauth_version=1.0

appears to be the same thing you had only it does work. This is from the Auth Tool though.. still no fix inside my application yet.

Invalid digital signature is what is passed back for this one which is virtually the same.

My Application
http://api.msappspace.com/v1/users/30344243.xml?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329303884&oauth_nonce=75a3354e-8307-4264-b78a-0fbc98c48c30&oauth_signature=ZUd6LyyXayH1UYlxe%2ft7lozg3eg%3d&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1202441300&oauth_token=&oauth_version=1.0

We'll get it at some point.

Perhaps the concatenation and the order of the parameters aren't be normalized properly in my application. who knows.

Joseph

Please include the Base string and the consumer Secret if you want to check against mine. Having said that the request parameters are normalized in the order, we should be getting up to the signature correctly, Once we get this we should be able to urlEncode the whole querystring and then make a request. Lets do this way and check.

thanks,

-Rajiv 

Ok, I think i got the problem where it is, looks like you're URLEncoding the while Basestring. it shouldn't be

GET&(URLEncode(URI))&(Normalizedparams).

Normalizedparams=UrlEncode(oauth_consumer_key)&UrlEncode(oauth_nonce)&.....so on

You should be able to nail it this time:)

Thanks,

-Rajiv

Success at last!  (thanks to Rajiv for pointing me in the right direction!)

Here is the algorithm that worked for me:

BaseString = 'GET&' + URLEncode(URI) + '&' + URLEncode(NormalizedParams)

URI = HTTP scheme + host + path (eg. http://api.msappspace.com/v1/users/123456789.json)

NormalizedParms = URLEncode(key1) + '=' + URLEncode(value1) + '&' + URLEncode(key2) + '=' + URLEncode(value2)...

signature = HMAC-SHA1("Security Key", BaseString)

Security Key is from your "My Applications -> Edit Details" page

Notes:

• you have to urlencode each 'key' and each 'value' separately, then concatenate the pair with an '=' character
• the 'key=value' substrings are concatenated together with '&' (careful, do not leave a trailing '&' at the end of the string)
• the entire NormalizedParms string is then urlencoded!
• do NOT force the Security Key or the BaseString to UTF8 (default on my server is 'ascii' and it worked)

Good Luck!

Jonathan

I ran your info through my code and got the following:

BaseString:

GET&http%3A%2F%2Fapi.msappspace.com%2Fv1%2Fusers%2F30344243.xml&oauth_consumer_key%3Dhttp%253A%252F%252Fwww.myspace.com%252F329303884%26oauth_nonce%3D0e53f0eb-68dc-44ce-b184-377846bb9519%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1202493637%26oauth_token%3D%26oauth_version%3D1.0

Which matches your base string exactly!

URI:

http://api.msappspace.com/v1/users/30344243.xml?oauth_nonce=0e53f0eb-68dc-44ce-b184-377846bb9519&oauth_timestamp=1202493637&oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F329303884&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=&oauth_signature=87VYQDuLUvX2D%2BP1yZJy%2F%2BVmVlE%3D

The nonce field value is different than yours (which would cause the signature to be different), you seem to have an extra '3D' right after the equal sign in the nonce data (which could point to a url encoding problem, either at the key=value level or when you are url encoding the entire parameter string).

webphreak:

Rajiv can you provide the code for the OAuth Testing Tool.. it is written in .NET correct? That example would help me alot if I could see the code of how it's generating everything.

I have suggested some changes to the OAuth Tool which would make life a bit easier for developers (without having to grope thru myspace code), posted here: http://developer.myspace.com/Community/forums/t/212.aspx 

Jonathan

321144008:

The nonce field value is different than yours (which would cause the signature to be different), you seem to have an extra '3D' right after the equal sign in the nonce data (which could point to a url encoding problem, either at the key=value level or when you are url encoding the entire parameter string).

Thanks again!

Joseph

Sorry, i can't see it now either... i must have looked at the wrong versions of output (i ran several tests)

I re-ran your data and dumped the signature, which was: 87VYQDuLUvX2D+P1yZJy/+VmVlE= (base 64 encoded)

After urlencoding the signature becomes: 87VYQDuLUvX2D%2BP1yZJy%2F%2BVmVlE%3D

Given that the base strings are the same (they are, i checked again), it looks like your problem is in either the key or the HMAC-SHA1 call.

You're not UTF8 encoding the key or the basestring prior to the HMAC-SHA1 call are you? (this caused me some grief).

The key should be constructed as:  URLEncode("Security Key") + '&'

Sorry about the mislead, hope the above helps. Good luck!

Jonathan 

Hey Joseph,

Congrats on getting it working!

Hopefully the rest of the app dev process will be easier ;-)    (it can't be any harder... can it?!)

Jonathan