I am using IXCBA's Inline Checkout by Amazon plugin for a Magento store. I have a secure encrypted connection to Amazon using SSL. Every time I am trying to make a purchase I keep on getting the same error:
<pre>SimpleXMLElement Object
(
    Error => SimpleXMLElement Object
    (
        Type => Sender
        Code => SignatureDoesNotMatch
        Message => The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
    )
    RequestID => id-name
)
</pre>
I checked the AWS secret key and other data and replaced them countless times, but had no luck. I also asked the extension author for help and posted a question at the Seller Central of Amazon, but no clues given yet how to solve the issue.
Amazon recommends some scripts including a JavaScript to check out issues with the signature.
I was considering using this JavaScript:
function getSignatureKey(key, dateStamp, regionName, serviceName) {
    var kDate = Crypto.HMAC(Crypto.SHA256, dateStamp, "AWS4" + key, { asBytes: true });
    var kRegion = Crypto.HMAC(Crypto.SHA256, regionName, kDate, { asBytes: true });
    var kService = Crypto.HMAC(Crypto.SHA256, serviceName, kRegion, { asBytes: true });
    var kSigning = Crypto.HMAC(Crypto.SHA256, "aws4_request", kService, { asBytes: true });
    return kSigning;
}
as I at least have some basic knowledge of JavaScript using libraries like jQuery.
But I wonder now what data I need to replace to make the test. I also wonder if I can just use the Firebug JScript console to run the test or if I need to do it differently. The latter I can figure out by testing, but with the former I could use some help.
Update
I ran the script in FF Scratchpad and saw the key was missing so I added the AWS Access Key ID and ran it again, but nothing happened. I got no errors nor output.
Update II
I got another error when I replaced the access key, secret key and merchant ID:
Important Message
We're sorry, but there's a problem processing the order from this website.
Please contact the seller for help on placing this order.
Perhaps the config at Seller Central is not OK? Link is https://payments-sandbox.amazon.com/gp/cba/v2/widgets ... Perhaps wrong version?
The changes in the database do seem like they helped so perhaps the data I entered in the backend was not stored properly by IXCBA.
Update III
Code in backend was OK after all. After changing it the code got all mangled so I had to do it from the Magento backend again. But then I got the same XML error. Amazon mentioned this:
This now looks really strange. To complete an order, there are several
API calls that your website will have to make. 2 basic ones are
setPurchaseItems to put the order data into the order, and
completePurchaseContract to process the order. In your case, the
signature error is returned by the completePurchaseContract but the
setPurchaseItems worked fine.
In this case, as long as you made sure that the merchantID, Access Key
and secret key fields don't have leading/trailing spaces in your
magento backend, you will have to reach support from magiex your
plugin provider to take a look. We don't have access to the code thus
can't really help you to fix it.
So I contacted MageIx again. Waiting for a response while I try to figure things out.
In the end there were three issues. One, the installation was somehow not done properly. I had to get it redone. Two, the AWS Merchant ID, key and secret key were not added properly. That I adjusted. And three, there was a server stamp issue that caused an issue with the self signing of the cart. The MageIx developers made a custom extension to circumvent the timestamp issue. Other issues with the entering of the keys and re-installation were not hard to solve. CBA works now.
NB
The only issue now is that Inline Checkout by Amazon does not seem to work with FBA. But at Amazon half of the devs say it does and the others say it doesn't. But this is an issue for another thread.
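Added example, not part of the original post or Amazon's script: a Node.js port of the getSignatureKey derivation quoted in the question, using the built-in crypto module in place of the Crypto library. The quoted function only defines the derivation, so it produces output only when it is called; here it is called with constructed placeholder values (secret, date, region and service are assumptions) to show that whitespace around the secret or a date stamp that differs from the verifier's yields a different signing key.

```javascript
// Added example: Node.js port of the key derivation quoted in the question.
const crypto = require('crypto');

// HMAC-SHA256 returning raw bytes, so each step can key the next one.
const hmac = (key, data) =>
  crypto.createHmac('sha256', key).update(data, 'utf8').digest();

// Same chain as getSignatureKey() in the question:
// secret -> date -> region -> service -> "aws4_request".
function getSignatureKey(key, dateStamp, regionName, serviceName) {
  const kDate = hmac('AWS4' + key, dateStamp);
  const kRegion = hmac(kDate, regionName);
  const kService = hmac(kRegion, serviceName);
  return hmac(kService, 'aws4_request');
}

// Constructed inputs, not real credentials.
const SECRET = 'EXAMPLE-SECRET-KEY-NOT-REAL';
const DATE = '20150830';
const REGION = 'us-east-1';
const SERVICE = 'iam';

function signingKeyHex(secret, date) {
  return getSignatureKey(secret, date, REGION, SERVICE).toString('hex');
}

// Report which kinds of input drift still give the same signing key.
function compareInputs() {
  const good = signingKeyHex(SECRET, DATE);
  return {
    sameInputsMatch: good === signingKeyHex(SECRET, DATE),
    trailingSpaceMatches: good === signingKeyHex(SECRET + ' ', DATE),
    nextDayMatches: good === signingKeyHex(SECRET, '20150831'),
    // Trimming what was pasted into a config field restores the match.
    trimmedMatches: good === signingKeyHex((' ' + SECRET + '\n').trim(), DATE),
  };
}

console.log(signingKeyHex(SECRET, DATE));
console.log(compareInputs());
```

Both sides must feed byte-identical inputs into the chain, so stored keys should be trimmed before use.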
Related
Been going around in circles with this and not getting a definitive answer... The error I am facing is:
oauth_problem=Cannot+create+request+token+because+consumer+token+is+not+a+verifier+token
Everything is correctly set with regards to my oAuth request header and sending to magento path /oauth/token/request. I have, even though the documentation says it doesn't require it (but for testing) added the verifier string to the request...
Pasting the code in here would make for a very long post and the code is working fine albeit it seems something is missing? If I use the verifier string in the consumer key it gives me the following error instead:
oauth_problem=Consumer+key+is+not+the+correct+length
Does anyone have any nuggets of information that the following links are missing that's tripping me up?
http://devdocs.magento.com/guides/v2.0/howdoi/webapi/integration.html
http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-oauth.html#pre-auth-token
I have found this on github, some people have seemed to work it out but not forthcoming with the details of how? github
This error occurs if you already have a request token created in Magento DB table oauth_token (if you're like me and developing an app and raising requests over and over to test), clear this table of its entries (request and verify) before retrying and this error won't appear.
2020 UPDATE:
This answer is still valid. Sometimes you may need to clear the Magento cache also after clearing the oauth_token table entries.
I have a PHP backend and an Android client. With the client the users can log into my app using either Google or Facebook, both via Firebase. I get the token from the FirebaseUser and send it to my server. It is straightforward that the first section (the header) contains the algorithm (which is RS256) and the second one (the payload) has all the user related data. There's a third section which is the signature of the first two to enable verification on my backend. The problem is, I don't know how to do that. More specifically with what.
I used JWT.io to check my token and tried to verify it with no luck. Since the algorithm used is RS256, the verification should be done via the public key. But what public key? I tried with my app's keystore, tried it with Google's certs, but it just keeps saying it's invalid. I understand that the header's kid field is the signing key's ID and I should look for it, but I don't know where.
The Firebase docs don't help either. There is a guide about ID token verification, but that's just useless because it's Java / Node.JS and it still doesn't say anything about public keys.
So the question is: where do I get the public keys from?
Okay, so I dug into the source of the Firebase Server SDK and found the location of the public keys:
https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com
Don't really know why they just couldn't put it on their website...
Anyways, I'm not sure, but I guess that these keys change on a daily basis (just like the OAuth2 keys do), so you must check and re-cache them on your server every now and then.
Also, you have to check the following values:
alg == "RS256"
iss: https://securetoken.google.com/<firebaseProjectID>
aud: <firebaseProjectID>
sub is non-empty
Found these at this similar question (just scroll to the bottom of the answer), which was found by searching for that specific googleapis.com URL.
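Added example, not from the original answer or the Firebase SDK: the checks listed in the answer (alg, key lookup by kid, iss, aud, sub) applied in order with Node's built-in crypto, plus an exp check that the list does not mention. The key pair, the kid value kid-1 and the project ID demo-project are constructed stand-ins for the keys served at the URL in the answer and for a real project ID.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// keysByKid maps each kid to a PEM public key or certificate (the cached key set).
function verifyIdToken(token, keysByKid, projectId, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm: the token must not be allowed to choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Select the key by kid; an unknown kid means refresh the cache or reject.
  const known = Object.prototype.hasOwnProperty.call(keysByKid, header.kid);
  if (!known) throw new Error('unknown kid');
  const signed = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, keysByKid[header.kid], sig)) {
    throw new Error('bad signature');
  }
  // Claims are trusted only after the signature has verified.
  const c = decode(p);
  if (c.iss !== `https://securetoken.google.com/${projectId}`) throw new Error('bad iss');
  if (c.aud !== projectId) throw new Error('bad aud');
  if (typeof c.sub !== 'string' || c.sub === '') throw new Error('empty sub');
  if (typeof c.exp !== 'number' || c.exp <= nowSec) throw new Error('expired');
  return c;
}

// Constructed fixture: a throwaway key pair stands in for Google's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KEYS = { 'kid-1': publicKey.export({ type: 'spki', format: 'pem' }) };
const PROJECT = 'demo-project'; // hypothetical project ID

function makeToken(claims, header = { alg: 'RS256', kid: 'kid-1' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}

// Returns 'ok' or the reason the token was rejected.
function tryVerify(token) {
  try {
    verifyIdToken(token, KEYS, PROJECT);
    return 'ok';
  } catch (e) {
    return e.message;
  }
}

const goodClaims = {
  iss: `https://securetoken.google.com/${PROJECT}`, aud: PROJECT,
  sub: 'user-123', exp: Math.floor(Date.now() / 1000) + 3600,
};
console.log(tryVerify(makeToken(goodClaims)));
```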
This has been a nightmare to get right for the past few days. First I was struggling with redirect_uri_mismatch errors, or bad requests, but now that I thought I nailed it, I'm getting this message from Google after clicking the "Allow" button in the consent screen:
Please copy this code, switch to your application and paste it there
Where exactly do I need to paste this code? I'm using PHP in a web server, I went to the "Other" application type when creating the credentials, because I read that this was preferred if I didn't want my users to keep getting that auth link.
I can't seem to find a concrete example of how to do this, I got it working this far by grabbing bits from here and there, but this one I just can't figure it out.
https://gist.github.com/andruxnet/0f7fe237730c13846a690da12935a708
I'm using a file client_secret.json that I downloaded from Google's oAuth credentials screen, it looks like this:
{"installed":{"client_id":"xxxxxxxxxxxxxxx.apps.googleusercontent.com","project_id":"my-project-id","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"xxxxxxxxxxx","redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]}}
Anyone knows what else I need to do or where to put that code returned from Google after the consent screen?
Thanks
Although the answer here does not use PHP, I still think it's worth adding it here as it's the only complete working example of how to update a youtube video without displaying the consent screen to the user, at least I wasn't able to find a concrete working example.
I ended up using the Javascript library, I still wasn't able to find a single complete example, not even in the library docs, nor Google's, it took taking pieces of code from here and there, and connecting the dots.
First thing to do is to create the credentials, we do this by going to Google developer console, and under Credentials we create a new OAuth Client ID, choosing Web Application and adding our domain to the Authorized JavaScript origins field - eg. http://www.example.com
The only information we will need from these credentials is the Client ID, so we copy it and paste it in the Javascript file below.
Here's the HTML part, where we also load the API library:
<input type="button" id="make-private" value="private" /> Make video private
<input type="button" id="make-public" value="public" /> Make video public
Current privacy status: <span id="current-status"></span>
<script type="text/javascript" src="update.js"></script>
<script src="https://apis.google.com/js/client.js?onload=googleApiClientReady"></script>
This is the Javascript code to make it happen - update.js in the code above, remember to update with your own client ID: https://gist.github.com/andruxnet/2efe7898f5cd9722e0d42b71fce5d183
The relevant Javascript code, once we figure out the authentication part that can be found in several places online, is this piece of code:
// we first grab the video resource from Youtube, using youtube video id
var request = gapi.client.youtube.videos.list({
    id: 'youtubevideoid',
    part: 'status'
});
// once we get the video resource, we update the status and
// run the update method
request.execute(function(response) {
    // since we looked for a video id, we only got one result - the first
    // and only item in the array of result items
    // (declared with var so it does not leak into the global scope)
    var video = response.result.items[0];
    // set the privacy status to one of public, private or unlisted
    video.status.privacyStatus = 'private';
    // prepare the update with the new privacy status
    var updateRequest = gapi.client.youtube.videos.update({
        part: 'status',
        fields: 'status',
        resource: video
    });
    // execute the update - I didn't see this part in the API documentation,
    // I found it somewhere else in SO as part of another question, although
    // I should've figured it out by looking at the first list() method above
    updateRequest.execute();
});
I hope this saves someone's time in the future as it would have saved my own.
Cheers
I see disinformation, go and check this link:
https://developers.google.com/api-client-library/php/auth/web-app#example
There you have many examples of what you are requesting, anyway the code you are receiving from google is the Auth Code which allows you to authenticate the client (The Google_client->authenticate(AuthCode) created in your php app to be more exact), after that you can start using their services with Accesstoken or RefreshTokens depending on what type of connection you requested to generate the perms.
I hope this comment helps you a bit with the nightmare of developing Google Services :)
I've been using the Facebook php sdk to interact with facebook quite successfully. When I tried to create a photo album the code created a duplicate. At first I thought it was the php sdk (using 3.x). I tried switching to Perl with LWP::UserAgent and LWP::Simple::Post to use the http url for graph. Nothing is working. Every way I try I get double albums when I call the code. I've ensured that the code is being called once (mainly because I've created a super small test script to do it and have made outputs to ensure on the command line that it's only calling once).
Here's the url I'm using:
https://graph.facebook.com/me/albums?access_token=<access_token>&name=Test+Album+2&message=Test+Description
I've taken off the privacy setting from the url and it hasn't changed the behavior. If I run this directly in the graph explorer, it creates only one album. But any other method (yes, I am using POST and not GET and yes I've tried to pass all the params as post data individually rather than via querystring, either way results in duplicate albums) causes duplicate albums.
Has anyone experienced this? How do I fix it??? I'm at my wits end trying to figure this out.
I've tried it on multiple servers in thoughts that perhaps one of them was using a proxy causing the duplicate call, but whether I run it on my hosting service or on my localhost, I still get duplicates.
No matter what I've tried, if I am creating the album via code in PHP or Perl I get double albums created. HELP!
My first answer was deleted for some reason so I'm not sure what to do at this point. This question can't be answered because:
The issue was not with the SDK but with Facebook itself. I had created a bug report after doing some more tests. Facebook confirmed and fixed the bug. Basically, it had to do with inappropriate permissions handling.
https://developers.facebook.com/bugs/1435856773345641/
There was a bug in Facebook's handling in this instance. I'm hoping this answer doesn't get deleted because someone else may experience this and want to know that it was a bug in Facebook code, not in the PHP SDK or in the user code.
Not sure why Andrew Barber would delete that answer.
Unless someone has a better answer than what Facebook gave to me via bug report follow-up.
I have my application running nicely, I use Paypal WPS, I left the default values untouched, I tried with the sandbox and everything works nicely, but now, I want to release it, and I'm not quite sure about the credentials...
Default credentials are
<?php
define("DEFAULT_DEV_CENTRAL", "developer");
define("DEFAULT_ENV", "sandbox");
define("DEFAULT_EMAIL_ADDRESS", "sdk.seller@gmail.com");
define("DEFAULT_IDENTITY_TOKEN", "6vwLEY_ogPGnoQac2a0x4PRsSGrmzJPMkyGbJtpiCSwrkYsNSYxWfPY2ZLO");
define("DEFAULT_EWP_CERT_PATH", "cert/my-pubcert.pem");
define("DEFAULT_EWP_PRIVATE_KEY_PATH", "cert/my-prvkey.pem");
define("DEFAULT_EWP_PRIVATE_KEY_PWD", "password");
define("DEFAULT_CERT_ID", "B62GVU8RWNBFC");
define("PAYPAL_CERT_PATH", "cert/paypal_cert_pem.txt");
define("BUTTON_IMAGE", "https://www.paypal.com/en_US/i/btn/x-click-but23.gif");
define("PAYPAL_IPN_LOG", "paypal-ipn.log");
?>
How can I get real credentials? I don't find paypal help very useful... and I'm not used to using SSL, for what I could understand I need to get a private key, a public key, upload my public key to paypal and get a paypal certificate, but I don't know if that's right and, what to do with the other values.
Having just done this myself, it depends on what you're doing with it.
If you're encrypting your buttons dynamically, you need the EWP variables.
This PayPal help file explains how to get the various keys you need using your server command line.
I also found a tutorial and a certificate builder (linked in the tutorial, but I didn't use, so can't confirm how secure it is...)
The first step is to generate a private key and public certificate for yourself. You can use various online resources to do this for you rather than needing to figure out how to do this from command line on your server.
Once you've generated your key and certificate, you need to put them on your server with your website files and set DEFAULT_EWP_PRIVATE_KEY_PATH (private key) and DEFAULT_EWP_CERT_PATH (your public certificate) to the relevant file paths.
Upload the public certificate to PayPal (instructions in linked tutorials, but basically find the EWP settings and upload a new certificate), and set DEFAULT_CERT_ID to the Certificate ID it gives you for that file. It'll also give you a file you can download (their public certificate) - add that to your server and set PAYPAL_CERT_PATH to the path for that file.
PAYPAL_IPN_LOG isn't necessary unless you're using Instant Payment Notification, but is the location of the file you want to use for logging IPN records (if you want to use the default behaviour of the sample IPN listener (IPNListner.php)).
BUTTON_IMAGE is obviously enough the image you want to use for your button.
DEFAULT_DEV_CENTRAL can stay as is. I think DEFAULT_ENV is a bit useless outside of development, as I don't know of an alternative to "sandbox" that works, since the standard URI is www.paypal.com/blah
Change DEFAULT_EMAIL_ADDRESS to your own PayPal account. You can also use your Merchant ID, but that seems a bit buggy on the Sandbox with EWP.
I've yet to find anything I'm using that uses DEFAULT_IDENTITY_TOKEN.