2

I'm using pecl oauth in php, it workds fine in plain php using localhost, and I was able to get the request token. But when I use it on a framework, it throws exception and gives me oauth_problem=signature_invalid.

this framework is being used on a virtual host. Any idea ?

(details can be found below as my comment)

Arfeen
  • 2,553
  • 5
  • 29
  • 48
  • 2
    not being clairvoyant, I'd need a LOT more info in order to have a clue what's going on. – jcomeau_ictx Jun 07 '11 at 06:19
  • here is the structure here are the details ... my web root: http://arfeen.local http://pastebin.com/sV9L00hx (.htaccess) http://pastebin.com/yCEHYxP3 (oauth.php) (framework Controller) http://pastebin.com/1KKPdTKH (oauthprovider.php) (provider class) http://arfeen.local/oauth/login (oauth client) And I think rest of the thing you can understand once you understand the code. Outside the framework it works fine but within framework I get "signature invalid" . thats why im also giving you ".htaccess" file .. – Arfeen Jun 08 '11 at 05:16

1 Answers1

0

Two of your three paste bins aren't working for me, but I'm also creating an OAuth provider myself and I ran into a problem with my keys. How are you storing them in the database?

In my case, I was saving the SHA1 keys into BINARY(20) columns by calling the MYSQL function UNHEX() when I inserted them and then calling HEX() when I pulled them out[1]. The problem was that HEX and UNHEX return uppercase values, and when I was generating the SHA1 keys using the sha1() function they were lowercase[2]. Make sure they are the same case, because it will affect the signature.

[1] Storing SHA1 hash values in MySQL
[2] http://us.php.net/sha1

Community
  • 1
  • 1
Steve
  • 1,112
  • 8
  • 12
  • Just saw how old this question was. Whoops! – Steve Dec 16 '11 at 05:31
  • @Steve.. thanks for the reply. There was a problem in the framework i was using that time and I handed it over to the person who developed the framework. But thanks for your suggestion, will consider it in any future case of oAuth. – Arfeen Dec 16 '11 at 05:38