I am using php cURL to PUT some informations (Authorization type: Oauth 1.0),
my problem is about generate the unique signature using the consumer_secret and access_token and encoded URL and the '&' also,
I tried to use two methods to generate it but the cURL response is: The signature is invalid. Verify and try again.
this is my last method to generate the signature:
// ------------- START GENERATE SIGNATURE -------------
$oauth = array(
"OAuth oauth_consumer_key=".$this->consumer_key.",
oauth_token=".$this->access_token.",
oauth_signature_method=".$this->signature_method.",
oauth_timestamp=".$timestimp.",
oauth_nonce=".$nonce.",
oauth_version=".$this->version.""
);
$base_info = $this->buildBaseString($this->url, 'PUT', $oauth) .'&';
$composite_key = rawurlencode($this->consumer_secret) . '&' . rawurlencode($this->access_token);
$oauth_signature = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true));
// ------------- END GENERATE SIGNATURE -------------
and this is the buildBaseString function
function buildBaseString($baseURI, $method, $params)
{
$r = array();
ksort($params);
foreach($params as $key=>$value){
$r[] = "$key=" . rawurlencode($value);
}
return $method."&" . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $r));
}
I need help please.
thanks.
Related
i want to generate the signature this code gives me using simple php with no oauth class:
$oauth = new OAuth($my_key, $my_secret);
$bodyHash = base64_encode(sha1($body_content, true)); //contains the body
$sig = $oauth->generateSignature('GET', $url, Array("oauth_body_hash" => $bodyHash));
what i have done so far is this:
$bodyHash = base64_encode(sha1($xml, true));
$result_data = array(
'oauth_body_hash' => $bodyHash
);
$result_data_keys = array_keys($result_data);
sort($result_data_keys);
$launch_params = array();
foreach ($result_data_keys as $key) {
array_push($launch_params, $key . "=" . rawurlencode($result_data[$key]));
}
$base_string = "POST&" . urlencode($sUrl) . "&" . rawurlencode(implode("&", $launch_params));
$signature = base64_encode(hash_hmac("sha1", $base_string, $my_secret, true));
but im not getting the same signature!
this is the simplified version of the problem i have posted earlier here: Building a body signed oauth xml request for LTI Outcomes service
any idea what im doing wrong?
So, I had issue because I don't have OAuth 1, so to access to ETSY API I had to struggle.
finally I have this :
My function __construct() :
parent::__construct();
$this->allowForUser();
$this->etsyDb = new EtsyordersModel;
$this->client = new Etsy([
'identifier' => getApp()->getConfig('identifier'),
'secret' => getApp()->getConfig('secret'),
'scope' => 'listings_r transactions_r',
'callback_uri' => 'http://*****-*****.loc/etsyapp/next',
'access_token' => getApp()->getConfig('access_token'),
'access_token_secret' => getApp()->getConfig('access_token_secret'),
]);
And here is how I get the url to access my JSON with the result :
$key = rawurlencode($oauthtoken) . "&" . rawurlencode($tokensecret);
$method = "GET";
$baseurl = "https://openapi.etsy.com/v2/shops/24749672/receipts/";
$nonce = "1234";
$timenow = time();
$oauthversion = '1.0';
$paramstring = "oauth_consumer_key=" . $oauthconsumerkey . "&oauth_nonce=" . $nonce . "&oauth_signature_method=HMAC-SHA1" . "&oauth_timestamp=" . $timenow . "&oauth_token=" . $clientsecret . "&oauth_version=" . $oauthversion;
//
// Signature GET to retrieve signature OAuth
$encodeurl = $method . "&" . rawurlencode($baseurl) . "&" . rawurlencode($paramstring);
$signature = hash_hmac( 'sha1', $encodeurl, $key, TRUE );
$signature = base64_encode( $signature );
// url JSON shop ETSY
$curlurl = $baseurl . "?" . $paramstring . "&oauth_signature=" . $signature;
// get JSON content in $orders
$orders = file_get_contents($curlurl);
And so I get my JSON :
I got 90++ items, but because of the pagination, it show me only 25 items.
I tried to add active?limit=100&offset=0 to my $baseurl (at the end of it, as parameter for signature calculation) but it say oauth_problem=signature_invalid&. I tried to put it on the $paramstring
instead, but same result.
How can I have all my result shown, or how can I access to page 2, 3, etc... of the pagination?
I am on PHP 7.4, XAMPP (one of the last version), I don't have OAuth 1 so I used a combination of package Y0lk\OAuth1 and thephpleague\oauth1-client.
Thank you for your time.
So I have got two parameters, Consumer name and api key so I need to generate a signature which is based on my $base and $key variable.
I have commented possible hint for the $key variable but don't know which parameters should I use to generate a key.
Code:
$consumer = 'name_name'; // Would be consumer key
$secret = 'c7b0ae051a3d4846a75e339d7ad8ff77'; // Would be Api key
$url = 'https://new.site.co.uk/api/list'; // Would be url
$method = 'GET';
$base = $method . '&' . rawurlencode($url). '&'
.rawurlencode("oauth_consumer_key=" . rawurlencode($consumer) . '&'
.'&oauth_nonce='.rawurlencode($secret)
.'&oauth_signature_method='.rawurlencode('HMAC-SHA1')
.'&oauth_timestamp='.rawurlencode(time())
.'&oauth_version='.rawurlencode('1.0'));
//$key = rawurlencode($this->secret).'&'.rawurlencode($this->token_secret);
$signature = base64_encode(hash_hmac(“sha1”, $base, $key, false));
dump($signature);die;
I have following code :
$method = "GET";
$host = "payments-sandbox.amazon.com";
$uri = "/cba/api/purchasecontract/";
$private_key='PRIVATE_KEY';
$time = date('c');
$params = array(
'AWSAccessKeyId' => $private_key,
'Action' => "CreatePurchaseContract",
'SignatureMethod' => "HmacSHA256",
'SignatureVersion' => "2",
'Timestamp' => $time);
uksort($params, 'strcmp');
$canonicalized_query = array();
foreach ($params as $param => $value) {
$param = str_replace("%7E", "~", rawurlencode($param));
$value = str_replace("%7E", "~", rawurlencode($value));
$canonicalized_query[] = $param . "=" . $value;
}
$canonicalized_query = implode("&", $canonicalized_query);
$string_to_sign = $method . "\n" . $host . "\n" . $uri . "\n" . $canonicalized_query;
$signature = base64_encode(hash_hmac("sha256", $string_to_sign, $private_key, True));
$signature = str_replace("%7E", "~", rawurlencode($signature));
echo $url = "https://payments-sandbox.amazon.com/cba/api/purchasecontract/"
. "?Action=CreatePurchaseContract"
. "&SignatureMethod=HmacSHA256"
. "&AWSAccessKeyId=$private_key"
. "&Signature=".$signature
. "&SignatureVersion=2"
. "&Timestamp=" . $time;
But when i open url in new tab it's return following XML :
<ErrorResponse>
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
</Error>
<RequestId>01a5de72-6e3f-11e4-85b3-9119f1b849cd</RequestId>
</ErrorResponse>
And it's give The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. error message when open $url link in new tab.
I dont know what's problem in creating signature??
[UPDATE]
I have try cUrl to fetch data :
$ch = curl_init();
$options = array(CURLOPT_URL => $url);
curl_setopt_array($ch, $options);
$data = curl_exec($ch);
if(!$data){
die('Error: "' . curl_error($ch) . '" - Code: ' . curl_errno($ch));
}
curl_close($ch);
print_r($data);
But it's give me Error: "SSL certificate problem: unable to get local issuer certificate" - Code: 60. So what i do to fetch data from payments-sandbox.amazon.com
I got the same error when I tried to add my credentials with the eb init command in EB CLIx3.
It turned out I had mistyped my credentials every single time. I switched over to console for Windows where I could copy/paste my credentials. Now everything went without a hitch.
So copy/past credentials is my suggestion. If that doesn't work, you might want to create a new access key for a user with admin privileges. You can do that at the IAM section. Then try to copy past again.
I am trying to get issue a cURL request for "request token" method using Fitbit API. Problem is it does not show anything but a blank screen. However this process is suppose to give me an "access token" which I can use to generate a login URL to authenticate users and give access to my app.
I know there is oAuth php class for this but my server doesn't support oAuth so got to use cURL only. Please help! Many thanks in advance.
<?php
define('FITBIT_KEY', '<consumer key from fitbit website>');
define('FITBIT_SECRET', '<consumer secret from fitbit website>');
function buildBaseString($baseURI, $method, $params)
{
$r = array();
ksort($params);
foreach($params as $key=>$value){
$r[] = "$key=" . rawurlencode($value);
}
return $method."&" . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $r)); //return complete base string
}
function buildAuthorizationHeader($oauth)
{
$r = 'Authorization: OAuth ';
$values = array();
foreach($oauth as $key=>$value)
$values[] = "$key=\"" . rawurlencode($value) . "\"";
$r .= implode(', ', $values);
return $r;
}
$url = "http://api.fitbit.com/oauth/request_token";
$oauth = array( 'oauth_consumer_key' => FITBIT_KEY,
'oauth_consumer_secret' => FITBIT_SECRET,
'oauth_nonce' => time(),
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => time(),
'oauth_version' => '1.0',
'oauth_callback' => 'http://h1.servy.net/zerocuisine/index.php');
$base_info = buildBaseString($url, 'GET', $oauth);
$composite_key = rawurlencode(FITBIT_SECRET) . '&';
$oauth_signature = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true));
$oauth['oauth_signature'] = $oauth_signature;
$header = array(buildAuthorizationHeader($oauth), 'Expect:');
$options = array( CURLOPT_HTTPHEADER => $header,
CURLOPT_HEADER => false,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false);
$feed = curl_init();
curl_setopt_array($feed, $options);
$json = curl_exec($feed);
curl_close($feed);
$fitbit_data = json_decode($json);
echo '<pre>'.print_r($fitbit_data,true).'</pre>'; ?>
There's two problems here which lead to a blank screen. You used http instead of https in your $url. https is required for fitbit token request. You're also running json_decode on a string that's not a json array. The data inside $json is a string from http body response.
Here's my run down in detail to make it fully working below.
Instead of:
$url = "http://api.fitbit.com/oauth/request_token";
Use:
$url = "https://api.fitbit.com/oauth/request_token";
Also remove:
$fitbit_data = json_decode($json);
Change:
echo '<pre>'.print_r($json,true).'</pre>'; ?>
To:
echo '<pre>'. $json .'</pre>'; ?>
This will leave you with the successful response of:
<pre>oauth_token=93bf6ded129fcfa2b687ce6e625477af&oauth_token_secret=c9cc547ca6dd484f73763e23b0987121&oauth_callback_confirmed=true</pre>
shown into your browser.
P.S. make sure to remake this to Oauth 2.0. OAuth 1.0a support will be removed from the Fitbit Web API on April 12, 2016.