AlvAChristina / oauth-signpost

Automatically exported from code.google.com/p/oauth-signpost
0 stars 0 forks source link

Occasional incorrect token generation #54

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
On occasion, a token is generated incorrectly, causing the OAUTH server to 
reject the signature as invalid.

This is occurring on all versions on Android.

The OAUTH service in Yahoo.

I contacted Yahoo about the problem, they stated that with using the same 
signature base string, they generate a different signature than the one 
generated by oauth-signpost.  

A topic is on the Yahoo OAUTH forum and can be viewed here:
http://developer.yahoo.net/forum/index.php?showtopic=6211

Every time this error occurs, the oauth token generated by signpost will always 
start with "A%3D", which leads me to think this is a signpost bug and not a 
Yahoo issue.  

Below are the header values from a request that generated this error.  I have 
additional samples if requested.  This error is infrequent, but in some cases 
repeatable. 

401 WWW-Authenticate: OAuth oauth_problem="signature_invalid", 
realm="yahooapis.com"Authorization Required type is oauth Authorization OAuth 
oauth_token="A%3Drb2V6pXJ4j8btunxgUpxcopWaCbHg4sV8zEsbtqzejxCoGA2qPTgBJwxayM85lQ
Eayb3JM_8TUUugeDIRmkKEeu1Y1xWQJfgEu9Ggy.Hmxj1kPT.pfJ0cKKYUyv41kpwuyFOA0zBiwSWqMJ
UJreBgaR749it5GLnpDcLHsJR1V74eHWaCvgDGvQVBEBssoRv3ZDCPXSNqIBzCn3z42c5wl6py3E1GKe
0XP2yIokOQyP_ibv9MenNJOHKMU2RXshh3W2A1NKuTM.oQQo.b80Og_0JbEbzplZSk_IrTS83yXJn1tO
HMj1D7Rmp17taJmAQ8dz7B59wj4pZfVLvSGPsw1jQcDEajdom_OgEvcmNUM9PsVR3u3dduEdgaegxens
drjdofagjwpsYJs3TVV9Rm7Gei34juax5xBqi.Q1K6B4lqR0_E.2oWw0ZPMGsmVyy87kkGhiMfhJ4Scs
mnoE2kmFttXDmcxisZ2x5hFOSMp45F3vH5R1HQeSm8dCGHJtlToBuOngeDLSWVgOUpMJ9pog72qJikEn
RFyoTRTo5Td9oO.DzY7C6xgBvFkLdFQsoQ6mLVL4nWPTAyJwXci06zSNNYPzDpQ3Jzp2sHRWcFYUl07i
s6wIgVLhXuED3eT1gWhLnpkrMRbiccx6_XN75TXK.jP8QxXpxJapUlQ1iCxfBQdHaHOqtde6DFmpexjW
ui5Q.qwfez89J28ms1rlmDlEz_GVyTdT5Uw85gxlo7IZ1", 
oauth_session_handle="AE0BDkzATwHhjLY61VsEfIDXGZgPf8zvTGqLm0KxxjkN6V3bvPZ_", 
oauth_consumer_key="dj0yJmk9TWNKTkxpU3h1aHBJJmQ9WVdrOWN6VkRZemQwTXpZbWNHbzlNVEUx
TnpFd056azJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD0wOQ--", oauth_version="1.0", 
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1279064871", 
oauth_nonce="-528383862", oauth_signature="LVfQk4nPpdgL%2BixJUzf8c2XNLts%3D" 
Signature Base String:
GET&http%3A%2F%2Ffantasysports.yahooapis.com%2Ffantasy%2Fv2%2Fteam%2F242.l.58138
.t.9%2Fstats%3Btype%3Dweek%3Bweek%3D1&format%3Djson%26oauth_consumer_key%3Ddj0yJ
mk9TWNKTkxpU3h1aHBJJmQ9WVdrOWN6VkRZemQwTXpZbWNHbzlNVEUxTnpFd056azJNZy0tJnM9Y29uc
3VtZXJzZWNyZXQmeD0wOQ--%26oauth_nonce%3D-528383862%26oauth_session_handle%3DAE0B
DkzATwHhjLY61VsEfIDXGZgPf8zvTGqLm0KxxjkN6V3bvPZ_%26oauth_signature_method%3DHMAC
-SHA1%26oauth_timestamp%3D1279064871%26oauth_token%3DA%253Drb2V6pXJ4j8btunxgUpxc
opWaCbHg4sV8zEsbtqzejxCoGA2qPTgBJwxayM85lQEayb3JM_8TUUugeDIRmkKEeu1Y1xWQJfgEu9Gg
y.Hmxj1kPT.pfJ0cKKYUyv41kpwuyFOA0zBiwSWqMJUJreBgaR749it5GLnpDcLHsJR1V74eHWaCvgDG
vQVBEBssoRv3ZDCPXSNqIBzCn3z42c5wl6py3E1GKe0XP2yIokOQyP_ibv9MenNJOHKMU2RXshh3W2A1
NKuTM.oQQo.b80Og_0JbEbzplZSk_IrTS83yXJn1tOHMj1D7Rmp17taJmAQ8dz7B59wj4pZfVLvSGPsw
1jQcDEajdom_OgEvcmNUM9PsVR3u3dduEdgaegxensdrjdofagjwpsYJs3TVV9Rm7Gei34juax5xBqi.
Q1K6B4lqR0_E.2oWw0ZPMGsmVyy87kkGhiMfhJ4ScsmnoE2kmFttXDmcxisZ2x5hFOSMp45F3vH5R1HQ
eSm8dCGHJtlToBuOngeDLSWVgOUpMJ9pog72qJikEnRFyoTRTo5Td9oO.DzY7C6xgBvFkLdFQsoQ6mLV
L4nWPTAyJwXci06zSNNYPzDpQ3Jzp2sHRWcFYUl07is6wIgVLhXuED3eT1gWhLnpkrMRbiccx6_XN75T
XK.jP8QxXpxJapUlQ1iCxfBQdHaHOqtde6DFmpexjWui5Q.qwfez89J28ms1rlmDlEz_GVyTdT5Uw85g
xlo7IZ1%26oauth_version%3D1.0

Original issue reported on code.google.com by mbwo...@gmail.com on 14 Jul 2010 at 12:06

GoogleCodeExporter commented 8 years ago
This issue can be removed it was a threading issue that has since been resolved

Original comment by mbwo...@gmail.com on 15 Jul 2010 at 6:09

GoogleCodeExporter commented 8 years ago
Okay -- thanks for investigating.

Original comment by m.kaepp...@gmail.com on 15 Jul 2010 at 7:37