search

litl / rauth

A Python library for OAuth 1.0/a, 2.0, and Ofly.
http://readthedocs.org/docs/rauth/en/latest/
MIT License
1.61k stars 175 forks source link

oauth_problem=signature_invalid magento #199

Open Rajags opened 7 years ago

Rajags commented 7 years ago

<?php

require("app/Mage.php");

Mage::app();

$oauth_token =array();
$oauthbaseurl = "https://sandbox.woohoo.in/";
$requestTokenUrl = "https://sandbox.woohoo.in/oauth/initiate?oauth_callback=oob";
$accessTokenUrl = "https://sandbox.woohoo.in/oauth/token";
$consumerkey ="8af50260ae5444bdc34665c2b6e6daa9";
$consumersecret = "93c1d8f362749dd1fe0a819ae8b5de95";
$callbackUrl = "https://sandbox.woohoo.in/";
$oauth_signature_method =   'HMAC-SHA1';
$oauth_timestamp    =   time();
$oauth_nonce    =   md5(mt_rand());
$oauth_version  =   "1.0";

$url  =   'https://sandbox.woohoo.in/oauth/token';

$params = array( 'siteUrl' => $oauthbaseurl, 'requestTokenUrl' => $requestTokenUrl, 'accessTokenUrl' => $accessTokenUrl, 'consumerKey' => $consumerkey, 'consumerSecret' => $consumersecret, 'callbackUrl' => $callbackUrl );

$base_string1 =
"GET&" .urlencode($url) . "&" .
urlencode(
   "oauth_consumer_key=". $consumerkey
  . "&oauth_nonce=" . $oauth_nonce
  . "&oauth_signature_method=" . $oauth_signature_method
  . "&oauth_timestamp=" .$oauth_timestamp
  . "&oauth_version=" . $oauth_version
        );

$consumer = new Zend_Oauth_Consumer($params);

$requestToken = $consumer->getRequestToken();  

$Token= split("&", $requestToken);

$AccessToken = $Token[0];
$AccessTokenSecret = $Token[1];

$AccessTokenval = split("=", $AccessToken); 
$AccessTokenSecretval = split("=", $AccessTokenSecret); 
echo  $oauth_token['oauth_token'] = $AccessTokenval[1];
echo " / ".  $oauth_token['oauth_token_secret'] =$AccessTokenSecretval[1];

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://sandbox.woohoo.in/oauth/authorize/customerVerifier/?oauth_consumer_key=".$consumerkey."&oauth_token=".$oauth_token['oauth_token']."&username=finnovationapisandbox%40woohoo.in&password=finnovationapisandbox%401234",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => array(
    "cache-control: no-cache",
    "postman-token: 48f942ad-5c78-b31d-4471-3a11695ef868"
  ),
));

$woohoospend_response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $woohoospend_response;
}

$woohoospend = json_decode($woohoospend_response);

$woohooverifier = $woohoospend->verifier;

$sig_string = urlencode($consumersecret) . '&' . urlencode($consumerkey);

$oauthSig = base64_encode(hash_hmac("sha1", $base_string1, $sig_string, true));

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://sandbox.woohoo.in/oauth/token/?oauth_consumer_key=".$consumerkey."&oauth_signature_method=HMAC-SHA1&oauth_verifier=".$woohooverifier."&oauth_token=".$oauth_token['oauth_token']."&oauth_version=1.0&oauth_nonce=".$oauth_nonce."&oauth_timestamp=" .$oauth_timestamp."&oauth_signature=".$oauthSig."&oauth_callback=oob",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => array(
    "cache-control: no-cache",
    "postman-token: 48f942ad-5c78-b31d-4471-3a11695ef868"
  ),
));

$woohoospendresponse = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $woohoospendresponse;
}

I m getting response like this 8037b72f811ab475bc974b40935248a1 / 0b76eca45b47011b4d51f2f6179ee0f6{"success":true,"verifier":"e793623107ebe3d4e30d2bd2592ed7c9"}oauth_problem=signature_invalid

Please help me anyone why i m getting oauth problem and signature invalid

laurent-pck commented 2 years ago

Hi @Rajags, I had the same problem. I tried requests-oauthlib, which seems to be more maintained, but it's happening there too. I could debug it for rauth. The problem is described in this comment https://github.com/requests/requests-oauthlib/issues/257#issuecomment-1161743797

As a workaround, I did an override of SignatureMethod::_normalize_request_parameters()

def _normalize_request_parameters(self, oauth_params, req_kwargs):
    """
    This is a workaroud. Rauth do encode a space in params as + in the query string and as %20 for the
    signature. On the server side, the Zend Framework computes the signature from the query string with space
    encoded as +. This leads to a signature mismatch.
    """
    original_response = super()._normalize_request_parameters(oauth_params, req_kwargs)

    return original_response.replace('%20', '%2B')

Note that for magento, the signature algorithm must also be adapted to use HmacSha256.