Managed Hosting



Project Home Wiki Known Issues Contact Project

OAuth Issue: Invalid signature

Name: Invalid signature
ID: 3
Project: OAuth
Type: Bug
Area: Code
Severity: Normal
Status: Fixed
Related URL:
Creator: ian reis
Created: 06/01/10 6:01 PM
Updated: 06/07/10 9:27 AM
Description: When attempting to use this library with google OAuth the signature that is produced is invalid. I think it may be double encoding something.
History: Created by onesien (ian reis) : 06/01/10 6:01 PM

Comment by hklein (Harry Klein) : 06/02/10 10:47 AM
Please make sure that you don't have any spaces in the key or signature as that will lead to an invalid sig.

Comment by gene (Gene Schmitt) : 06/02/10 11:13 AM
I had exactly the same problem while attempting to fetch a RequestToken @ https://www.google.com/accounts/OAuthGetRequestToken
After a long search I found out the consumer secret have to be urlEncodedFormatted. The oauthsignaturemethod_hmac_sha1.cfc does not do this for you, so you have to put them in Encoded, or change the line (from the buildSignature function):

      <cfset sKey       = arguments.oConsumer.getSecret() & "&" & arguments.oToken.getSecret()>

Updated by hklein (Harry Klein) : 06/07/10 9:27 AM
V 0.9.4

To add a comment to this bug, please login using the link above.