I have a slackbot that posts a message for a user and was working for a few months without any hiccups but is now not posting a message, after some digging I see that the error I'm getting back from slack is
{
"ok":false,
"error":"invalid_request_data"
}
Googling hasn't helped me find anything and I'm not sure what the problem is now knowing that it was working this whole time and no code has changed.
When the user types in a slash command, it hits a php file interactive.php this allows the user to fill out some information and that information then gets sent to deploy.php via slack as well
This is the deploy.php file
<?php
$receivedRequest = json_decode($_POST['payload'], true);
$type = $receivedRequest["type"];
if ($type != "dialog_submission") {
exit("No");
}
$response_url = $receivedRequest["response_url"];
$user_id = $receivedRequest["user"]["id"];
$service = $receivedRequest["submission"]["service"];
$rollback = $receivedRequest["submission"]["rollback"];
$target = $receivedRequest["submission"]["target"];
$featureList = $receivedRequest["submission"]["featureList"];
$diff = $receivedRequest["submission"]["diff"];
$environment = $receivedRequest["submission"]["environment"];
$canary = $receivedRequest["submission"]["canary"];
if ($canary == "yes"){
$environment = $environment . " _canary_ ";
}
$data = [
"response_type" => "in_channel",
"text" =>
"<#" . $user_id . ">" . " is deploying *" . $service . "* to *" . $environment . "*" .
"\n" .
"*rollback: " . $rollback . " target: " . $target . "*\n" .
$featureList . "\n" .
"Diff: " . $diff . "\n <!here>"
];
$payload = json_encode($data);
// Prepare new cURL resource
$ch = curl_init($response_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
// Set HTTP Header for POST request
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Content-Type: application/json",
"Content-Length: " . strlen($payload),
]);
// Submit the POST request
$result = curl_exec($ch);
// Close cURL session handle
curl_close($ch);
return json_encode(array(
'status' => 200,
'message' => ''
));
The issue I'm having is that the $result variable now holds the error I put above.
Does anyone happen to know what the issue could be?
Thanks!!
Welp, it started to work again.
Must have been something on Slack's end. Weird because their status page didn't indicate anything
I'm trying to connect to the LivePerson Engagement History API and I'm running into an issue that I believe is related to the signature being generated.
First off, the API already provides the necessary consumer key, consumer secret, access token, and token secret. So I don't have to go through the process of retrieving those. In order to access their API I just have to provide the auth header. I've mocked everything up using Postman and it all works correctly. The issue is when I try to generate my own timestamp/nonce/signature in my class.
Here's the method from my class that sends the cURL request:
private function execute($options = array())
{
if (!isset($options['url'])) {
return;
}
$ch = curl_init($options['url']);
$method = (isset($options['method'])) ? $options['method'] : 'GET';
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (isset($options['auth']) && $options['auth']) {
$timestamp = round(microtime(true) * 1000);
$nonce = $this->getNonce(11);
$version = "1.0";
$signatureMethod = "HMAC-SHA1";
$signature = $this->generateSignature($options, $timestamp, $nonce, $signatureMethod, $version);
$authHeader = "Authorization: OAuth oauth_consumer_key=\"{$this->consumerKey}\",oauth_token=\"{$this->accessToken}\",oauth_signature_method=\"{$signatureMethod}\",oauth_timestamp=\"{$timestamp}\",oauth_nonce=\"{$nonce}\",oauth_version=\"{$version}\",oauth_signature=\"{$signature}\"";
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
$authHeader,
"Content-Type: application/json"
));
}
if (isset($options['body']) && !empty($options['body'])) {
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($options['body']));
}
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
The getNonce method I copied pretty much directly from https://github.com/BaglerIT/OAuthSimple/blob/master/src/OAuthSimple.php.
Here's the method I've written to generate the signature (which has been cobbled together from various SO posts and other sources):
protected function generateSignature($request, $timestamp, $nonce, $signatureMethod, $version)
{
$base = $request['method'] . "&" . rawurlencode($request['url']) . "&"
. rawurlencode("oauth_consumer_key=" . rawurlencode($this->consumerKey)
. "&oauth_nonce=" . rawurlencode($nonce)
. "&oauth_signature_method=" . rawurlencode($signatureMethod)
. "&oauth_timestamp=" . $timestamp
. "&oauth_version=" . $version);
$key = rawurlencode($this->consumerSecret) . '&' . rawurlencode($this->tokenSecret);
$signature = base64_encode(hash_hmac('sha1', $base, $key, true));
return $signature;
}
I can actually copy and paste the authorization header from Postman into my $authHeader variable, and replace everything except the timestamp/nonce/signature, and it works.
The response I'm getting from their server right now is [code] => 0005 but I can't find anything in their docs about response codes.
Edit: I had missed looking at the response header - the exact error is invalid signature.
There are 2 things I changed to get this to work.
I was missing the oauth_token when creating the base string for the signature
According to the OAuth Core 1.0 documentation, "Parameters are sorted by name, using lexicographical byte value ordering."
So I ended up re-ordering the parameters to be alphabetical. Here's what the code for generating the base string ended up looking like:
$base = $request['method'] . "&" . rawurlencode($request['url']) . "&"
. rawurlencode("oauth_consumer_key=" . rawurlencode($this->consumerKey)
. "&oauth_nonce=" . rawurlencode($nonce)
. "&oauth_signature_method=" . rawurlencode($signatureMethod)
. "&oauth_timestamp=" . rawurlencode($timestamp)
. "&oauth_token=" . rawurlencode($this->accessToken)
. "&oauth_version=" . rawurlencode($version));
I also re-ordered the params in the auth header to match the order of the base string:
$authHeader = "Authorization: OAuth oauth_consumer_key=\"{$this->consumerKey}\",oauth_nonce=\"{$nonce}\",oauth_signature_method=\"{$signatureMethod}\",oauth_timestamp=\"{$timestamp}\",oauth_token=\"{$this->accessToken}\",oauth_version=\"{$version}\",oauth_signature=\"{$signature}\"";
$base = $request['method']
. '&' . rawurlencode($request['url'])
. '&' . rawurlencode('oauth_consumer_key=' . $this->consumerKey)
. rawurlencode('&oauth_nonce=' . $nonce)
. rawurlencode('&oauth_signature_method=' . $signatureMethod)
. rawurlencode('&oauth_timestamp=' . $timestamp)
. rawurlencode('&oauth_version=' . $version)
. rawurlencode('&' . http_build_query($data));
$key = rawurlencode($this->consumerSecret) . '&';
$signature = rawurlencode(base64_encode(hash_hmac('SHA1', $base, $key, true)));
If you do a POST, make sure to include your posted data, otherwise the signature will not validate.
CURLOPT_HTTPHEADER => array(
"authorization: OAuth oauth_consumer_key=\"{$consumerKey}\",oauth_signature_method=\"{$signatureMethod}\",oauth_timestamp=\"{$timestamp}\",oauth_nonce=\"{$nonce}\",oauth_version=\"{$version}\",oauth_signature=\"{$oauthSignature}\"",
"content-type: application/x-www-form-urlencoded",
),
And the header should be as above
This fixed version worked for me :
function generateOauthSignature($method, $url, $consumerKey, $nonce, $signatureMethod, $timestamp, $version, $consumerSecret, $tokenSecret, $tokenValue, $extraParams = array())
{
$base = strtoupper($method) . "&" . rawurlencode($url) . "&"
. rawurlencode("oauth_consumer_key=" . $consumerKey
. "&oauth_nonce=" . $nonce
. "&oauth_signature_method=" . $signatureMethod
. "&oauth_timestamp=" . $timestamp
. "&oauth_token=" . $tokenValue
. "&oauth_version=" . $version);
if (!empty($extraParams)) {
$base .= rawurlencode("&" . http_build_query($extraParams));
}
$key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
$signature = base64_encode(hash_hmac('sha1', $base, $key, true));
return rawurlencode($signature);
}
The following twitter thread helped me : https://twittercommunity.com/t/how-to-generate-oauth-signature-when-post-json-body-in-php/87581
I was also struggling with the proper setup of the OAuth 1 signature and had a lot of failed attempts. After TGA's hint to have a look how it's done with Twitter, I found out that there is an existing class which may be used out-of-the-box:
TwitterAPIExchange.php from the repository https://github.com/J7mbo/twitter-api-php.
Even if is called "Twitter...", it may also be used for other OAuth1 APIs. Calls will look like this:
$settings = array(
'oauth_access_token' => TOKEN,
'oauth_access_token_secret' => TOKEN_SECRET,
'consumer_key' => CONSUMER_KEY,
'consumer_secret' => CONSUMER_SECRET
);
$url = "https://api-url.com/api/v4/users/0451432/";
$requestMethod = 'POST';
$postfields = array(
'groupIds' => '23,24,25',
);
$twitter = new TwitterAPIExchange($settings);
return $twitter->buildOauth($url, $requestMethod)
->setPostfields($postfields)
->performRequest();
It works perfect for me.
This version matches the OAuth PECL library's function so you no longer need it.
public static function oauth_get_sbs(
$requestMethod,
$requestURL,
$request_parameters
): string
{
return $requestMethod . "&" . rawurlencode($requestURL) . "&"
. rawurlencode("oauth_consumer_key=" . rawurlencode($request_parameters['oauth_consumer_key'])
. "&oauth_nonce=" . rawurlencode($request_parameters['oauth_nonce'])
. "&oauth_signature_method=" . rawurlencode($request_parameters['oauth_signature_method'])
. "&oauth_timestamp=" . $request_parameters['oauth_timestamp']
. "&oauth_token=" . $request_parameters['oauth_token']
. "&oauth_version=" . $request_parameters['oauth_version']);
}
I've been attempting to create a signature to amazons API service, however I keep getting
SignatureDoesNotMatch on all my attempts and I honestly can't see what I've done wrong. This is my code;
<?php
require_once('.config.inc.php');
$sercretAccessKey = "XXXXX";
$site = $_GET['site'];
$serviceUrl = "";
$signatureUrl = "";
//UK marketplace
$marketplaceIdNumber = "A1F83G8C2ARO7P";
date_default_timezone_set('America/Phoenix');
$serviceUrl = "https://mws.amazonservices.de/Orders/2013-09-01";
$signatureUrl = "mws.amazonservices.de";
// Get total from 31 days ago
$t1 = date("c", time()-31*24*60*60);
$AccessKey = "AWSAccessKeyId=" . urlencode("xxxxx");
$action = "&Action=" . urlencode("ListOrders");
$fulfillmentChannel = "&FulfillmentChannel.Channel.1=" . urlencode("MFN");
$updateAfter = "&LastUpdatedAfter=" . urlencode($t1);
$marketplaceId = "&MarketplaceId.Id.1=" . urlencode($marketplaceIdNumber);
$orderStatus1 = "&OrderStatus.Status.1=" . urlencode("Unshipped");
$orderStatus2 = "&OrderStatus.Status.2=" . urlencode("PartiallyShipped");
$sellerID = "&SellerId=" . urlencode("xxxx");
$signatureMethod = "&SignatureMethod=" . urlencode("HmacSHA256");
$signatureVersion = "&SignatureVersion=" . urlencode("2");
$timeStamp = "&Timestamp=" . urlencode(date("c"));
$version = "&Version=" . urlencode("2013-09-01");
$stringToSignature =
"POST\n" .
"$signatureUrl\n" .
"/Orders/2013-09-01\n" .
$AccessKey . $action . $fulfillmentChannel . $updateAfter . $marketplaceId . $orderStatus1 . $orderStatus2 . $sellerID . $signatureMethod . $signatureVersion . $timeStamp . $version;
$signatureCode = hash_hmac('sha256', $stringToSignature, $sercretAccessKey, true);
$signatureCodeBaseEncoded = base64_encode($signatureCode);
$signatureCodeEncoded = urlencode($signatureCodeBaseEncoded);
$signature = "&Signature=" . $signatureCodeEncoded;
$targetURL = $serviceUrl . "?" . $AccessKey . $action . $fulfillmentChannel . $updateAfter . $marketplaceId . $orderStatus1 . $orderStatus2 . $sellerID . $signatureMethod . $signatureVersion . $timeStamp . $version . $signature;
// create context
$context = array('header' => 'Content-Type: text/xml');
$ci = curl_init($targetURL);
curl_setopt($ci, CURLOPT_POST, 1);
curl_setopt($ci, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ci, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ci, CURLOPT_POSTFIELDS,"xmlRequest");
$result = curl_exec($ci);
echo $result;
?>
In theory this should work. I've followed their tutorials and followed what their scratchpad told me. So my request should be in canonical format.
Any help would be great!
I should probably note that the only way I can get any response from amazon is through the german serviceurl.
I want to update User table of DATA BROWSER using objectId(With out getting user to log in ) using following code.
But I am getting:
error({"code":101,"error":"object not found for update"})
can any one tell me what is wrong with this:
$className = "Classname";
$objectIdToEdit = $_SESSION['objectId'];
$url = 'https://api.parse.com/1/classes/' . $className . '/' . $objectIdToEdit;
$appId = '***********************';
$restKey = '***********';
$updatedData = '{"firstname":"Billie123"}';
$rest = curl_init();
curl_setopt($rest,CURLOPT_URL,$url);
curl_setopt($rest,CURLOPT_PORT,443);
curl_setopt($rest,CURLOPT_CUSTOMREQUEST,"PUT");
curl_setopt($rest,CURLOPT_RETURNTRANSFER, true);
curl_setopt($rest,CURLOPT_POSTFIELDS,$updatedData);
curl_setopt($rest,CURLOPT_HTTPHEADER, array(
"X-Parse-Application-Id: " . $appId,
"X-Parse-Master-Key: " . $restKey,
"Content-Type: application/json")
);
$response = curl_exec($rest);
echo $response;
I solved problem my self ,URL I was using is to save data
$url = 'https://api.parse.com/1/classes/' . $className . '/' . $objectIdToEdit;
I just changed URL to update data and problem is solved
$url = 'https://api.parse.com/1/' . $className . '/' . $objectIdToEdit;
thanks Ghost for editing
I am facing some problem in generating oauth_signature for flickr api. Can you please look into this and advise me what I am doing wrong?
// p.s. I am sharing my Flickr key and secret as I will change them when I will start production development.
Code
/* PHP code */
$NONCE=base64_decode(rand());
$TIMESTAMP= gmdate('U');
$SECRET="39b4f5fd592ede81";
$KEY="1bab082052d7cf8b3aa9e2bc92882ac0";
$CONSUMER_SECRET= $SECRET. "&";
$url_1 = "http://www.flickr.com/services/oauth/request_token?";
$url_1 = urlencode($url_1);
$url_2 = "oauth_callback=http%3A%2F%2Flocalhost%2FFlickr%2Flogin.php&oauth_consumer_key=". $KEY;
$url_2 .="&oauth_nonce=". $NONCE. "&oauth_signature_method=HMAC-SHA1&oauth_timestamp=". $TIMESTAMP. "&oauth_version=1.0";
// generate signature
$BASE_STRING ="";
$BASE_STRING .= "GET&". urlencode($url_1). urlencode($url_2);
$API_SIG= base64_encode(hash_hmac("sha1",$BASE_STRING,$CONSUMER_SECRET, true) );
// url generate
$url="http://www.flickr.com/services/oauth/request_token?oauth_callback=http://localhost/Flickr/login.php&oauth_consumer_key=". $KEY;
$url.="&oauth_nonce=". $NONCE. "&oauth_timestamp=". $TIMESTAMP. "&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=". $API_SIG;
// calling
$ch=curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_REFERER, "http://www.example.org/yay.htm");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla Firefox/3.0");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data= curl_exec($ch);
echo $data;
curl_close($ch);
This worked for me, hopefully it helps someone else...
<?php
$consumerKey = 'your_Flickr_key';
$consumerSecret = 'your_Flickr_secret';
$requestTokenUrl = "https://www.flickr.com/services/oauth/request_token";
$oauthTimestamp = time();
$nonce = md5(mt_rand());
$oauthSignatureMethod = "HMAC-SHA1";
$oauthVersion = "1.0";
$sigBase = "GET&" . rawurlencode($requestTokenUrl) . "&"
. rawurlencode("oauth_consumer_key=" . rawurlencode($consumerKey)
. "&oauth_nonce=" . rawurlencode($nonce)
. "&oauth_signature_method=" . rawurlencode($oauthSignatureMethod)
. "&oauth_timestamp=" . $oauthTimestamp
. "&oauth_version=" . $oauthVersion);
$sigKey = $consumerSecret . "&";
$oauthSig = base64_encode(hash_hmac("sha1", $sigBase, $sigKey, true));
$requestUrl = $requestTokenUrl . "?"
. "oauth_consumer_key=" . rawurlencode($consumerKey)
. "&oauth_nonce=" . rawurlencode($nonce)
. "&oauth_signature_method=" . rawurlencode($oauthSignatureMethod)
. "&oauth_timestamp=" . rawurlencode($oauthTimestamp)
. "&oauth_version=" . rawurlencode($oauthVersion)
. "&oauth_signature=" . rawurlencode($oauthSig);
$response = file_get_contents($requestUrl);
var_export($response);
I am answering my own question. Thanks to Sam Judson: http://www.wackylabs.net
I removed base64_decode() from generating random numbers and it just did worked.