PHP: invalid signature when using POST and HMAC-SHA1

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Using POST instead of GET requesting the request token
2. Using HMAC-SHA1 as Signature Method
3.

What is the expected output? What do you see instead?

oauth_token=requestkey&oauth_token_secret=requestsecret

instead I get:

Invalid signature

What version of the product are you using? On what operating system?

Revision 1236 on Windows 7, Apache 2.2

Please provide any additional information below.

If I use plain-text as Signature Method I get the request token right, but when 
I try to use SHA1 it fails.

Original issue reported on code.google.com by lgome...@gmail.com on 24 Jun 2010 at 9:47

[GoogleCodeExporter]

I've got this problem too, maybe someone found a solution?

Original comment by julius.s...@gmail.com on 19 Jan 2011 at 12:32

[GoogleCodeExporter]

I'm having this problem as well, Objective-C OAuth POST request with parameters 
in the Uri.  Does not return the same oauth_signature as Apache Commons, though 
it does for GET requests with or without parameters and POST requests without 
them.

Original comment by thom...@gmail.com on 25 Jan 2011 at 12:43

[GoogleCodeExporter]

Original comment by morten.f...@gmail.com on 29 Mar 2011 at 4:28

• Added labels: Lib-PHP, Type-Defect

[GoogleCodeExporter]

I found passing in the POST data in the OAuthRequest constructor should work 
around the problem. The issue is that the base_string does not have the 
parameter appended because there are no parameters set on a POST request.

Example:
$req = new OAuthRequest($method, $uri, $_POST);

Original comment by mitmaro on 22 Jun 2011 at 3:00