Hey Max & company,

I'm having oauth problems with matching signatures. Basically, when I compile a signature locally to compare against the oauth_signature in the GET, it only works ~1/6 of the time.  [in other words, if i sit here & reload my page 6 times, i usually only get it to work once].

i've just noticed this happening for the first time today.. the same process has been in use on my app since we first released it a few months ago. is this somehow related to the problem described in this post? i'm running an iframe'd app...

Here's my code:

unset($_GET['oauth_signature']);

ksort($_GET);

$base_string = 'GET&'.

urlencode($baseUrl).'&'.

urlencode(http_build_query($_GET));

$secret = urlencode($secret).'&';

$local_signature = base64_encode(hash_hmac("sha1", $base_string, $secret, TRUE));

if ($remote_signature == $local_signature){

//authenticated

}

thanks!

Hi Max --

This is still a problem, but only for some MySpace users:  we've found that users created since this problem was first reported to us are affected; older users seem to be fine.

We haven't investigated in much more depth since discovering your Twitter post saying that you were aware of this problem - so this may not be a correct characterisation of the problem.

My "External Domain" is set to http://www.xumii.com

The auth url is

api.myspace.com/authorize

So the protocol & domain in oauth_callback match those in "External Domain".

This redirects to

api.myspace.com/.../LinkAccount

which displays the error message ("Bad Request - The callback uri doesn't start with associated application domain").

Would it matter that our callback uri does a redirect to https://www.xumii.com/...?

The "Edit App Information" page has the following hint for "External Domain":

"The domain of your external app. This domain must match the domain provided in the oauth_callback parameter when requesting session based authentication."

I think you should change this to mention that protocol is checked & that subdomains are ignored.

Thanks

Hi,

I'm getting the above error for our DA app:

profile.myspace.com/index.cfm

I've read this blog post about this error, and I've set the external domain to

http://www.coolchaser.com

and external url to:

http://www.coolchaser.com/myspace/user_info

To access the DA app, go to

http://www.coolchaser.com/myspace/pre

Help please!

Thanks,

chao

Hi,

I have followed your instructions. I am getting 401 Unauthorized error.

Can you please suggest something that I can do to solve this?

The error that I am getting is at the stage when I am making request to Access_token.

Thanks!

Kind Regards

Bill

It is working when:

1. in app settings - External Domain:http://example.solocoo.tv

2. in query - www.example.solocoo.tv/something

or the other way:

It is working when:

1. in app settings - External Domain: www.example.solocoo.tv

2. in query - example.solocoo.tv/something

I also experiencing error 404 several times. Thanks for the suggestions! I hope it will work! http://www.fvinterest.com/