5

I want to access the APIs in QuickBlox, but before that we need to authenticate our apps and get a session token, and using the session token we can access the other APIs. But the problem is, when I send the authentication request using the required specification given on the QuickBlox website, I am getting the error message:

{"errors":{"base":["Unexpected signature"]}}

The parameters to generate the signature are:

application_id=22&auth_key=wJHd4cQSxpQGWx5&nonce=33432&timestamp=1326966962

And then we convert it in HMAC-SHA format:

hash_hmac( 'sha1', $signatureStr , $authSecret);

Please help me to resolve this problem.

Michael Petrotta
hitender

6 Answers

2

I wrote a code snippet in PHP that generates the signature. It works well.

These are my test application's credentials:

$application_id = 92;
$auth_key = "wJHdOcQSxXQGWx5";
$authSecret = "BTFsj7Rtt27DAmT";

$nonce = rand();
echo "<br>nonce: " . $nonce;

$timestamp = time();
echo "<br>timestamp: " . $timestamp ."<br>";

$stringForSignature = "application_id=".$application_id."&auth_key=".$auth_key."&nonce=".$nonce."&timestamp=".$timestamp;
echo $stringForSignature."<br>";

$signature = hash_hmac( 'sha1', $stringForSignature , $authSecret);
echo $signature;

Hope this helps.

Rubycon
2

Problem solved

There was a problem in my request parameters.

$params = "application_id=$application_id&auth_key=$auth_key&timestamp=$timestamp&nonce=$nonce&signature=$signature&**auth_secret=$authSecret**";

In this parameter I was passing an extra parameter, my auth secret key, which should not be there. I removed this parameter and now it's working.

Paul Turner
hitender
2

Here is a full example of how to create a QuickBlox session:

<?php
// Application credentials
DEFINE('APPLICATION_ID', 92);
DEFINE('AUTH_KEY', "wJHdOcQSxXQGWx5");
DEFINE('AUTH_SECRET', "BTFsj7Rtt27DAmT");

// User credentials
DEFINE('USER_LOGIN', "emma");
DEFINE('USER_PASSWORD', "emma");

// Quickblox endpoints
DEFINE('QB_API_ENDPOINT', "https://api.quickblox.com");
DEFINE('QB_PATH_SESSION', "session.json");

// Generate signature
$nonce = rand();
$timestamp = time(); // time() must return the current timestamp in UTC, but it seems to return the timestamp in the current time zone
$signature_string = "application_id=".APPLICATION_ID."&auth_key=".AUTH_KEY."&nonce=".$nonce."&timestamp=".$timestamp."&user[login]=".USER_LOGIN."&user[password]=".USER_PASSWORD;

echo "stringForSignature: " . $signature_string . "<br><br>";
$signature = hash_hmac('sha1', $signature_string , AUTH_SECRET);

// Build post body
$post_body = http_build_query(array(
                'application_id' => APPLICATION_ID,
                'auth_key' => AUTH_KEY,
                'timestamp' => $timestamp,
                'nonce' => $nonce,
                'signature' => $signature,
                'user[login]' => USER_LOGIN,
                'user[password]' => USER_PASSWORD
                ));

// $post_body = "application_id=" . APPLICATION_ID . "&auth_key=" . AUTH_KEY . "&timestamp=" . $timestamp . "&nonce=" . $nonce . "&signature=" . $signature . "&user[login]=" . USER_LOGIN . "&user[password]=" . USER_PASSWORD;

 echo "postBody: " . $post_body . "<br><br>";
// Configure cURL
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, QB_API_ENDPOINT . '/' . QB_PATH_SESSION); // Full path is - https://api.quickblox.com/session.json
curl_setopt($curl, CURLOPT_POST, true); // Use POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body); // Setup post body
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Receive server response

// Execute request and read response
$response = curl_exec($curl);

// Check errors (curl_exec returns false on failure)
if ($response !== false) {
        echo $response . "\n";
} else {
        $error = curl_error($curl). '(' .curl_errno($curl). ')';
        echo $error . "\n";
}

// Close connection
curl_close($curl);
?>
Rubycon
  • I'm getting "Unexpected signature" error on request, see my question: http://stackoverflow.com/questions/31733629/quickblox-rest-api-unexpected-signature-on-laravel – Maykonn Jul 31 '15 at 16:33
  • There is an error in the documentation. The example webservice in the docs has the following body: {"application_id": "2", "auth_key": "DtF9cZPqTF8Wy9Q", "timestamp": "1333630580", "nonce": "1340569516", "signature": "13293a5bd2026b957ebbb36c89d9649aae9e5503", "user": {"login": "injoit", "password": "injoit"}}. The user information is in a "user" element. The correct way does not use the "user" element. – DragonT Sep 30 '15 at 01:22
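
The signing rules used across this thread (raw `key=value` pairs, nested user fields written as `user[login]`, the secret used only as the HMAC key) can be put in one place. This is an added example, not code from the thread: the function names and credentials are constructed, sorting by key matches the parameter order used in the answers here, and `qbVerify` is a hypothetical stand-in for the server check, assumed to recompute the HMAC over every received parameter except `signature`.

```php
<?php
// Added example, not code from the thread. Credentials are constructed placeholders.
// Flatten nested params to unencoded "user[login]"-style keys.
function qbFlatten(array $params, string $prefix = ''): array
{
    $flat = [];
    foreach ($params as $key => $value) {
        $name = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        $flat += is_array($value) ? qbFlatten($value, $name) : [$name => (string) $value];
    }
    return $flat;
}

// Base string: raw key=value pairs (signature excluded), sorted by key, joined with "&".
function qbBaseString(array $params): string
{
    $flat = qbFlatten($params);
    unset($flat['signature']);
    ksort($flat, SORT_STRING);
    $pair = fn ($key, $value) => $key . '=' . $value;
    return implode('&', array_map($pair, array_keys($flat), $flat));
}

// Sign the params and serialize the POST body. The secret is only ever the HMAC key.
function qbSignedBody(array $params, string $authSecret): string
{
    $params['signature'] = hash_hmac('sha1', qbBaseString($params), $authSecret);
    return http_build_query($params);
}

// Stand-in for the server check (assumption): recompute over every received parameter.
function qbVerify(string $body, string $authSecret): bool
{
    parse_str($body, $received);
    $given = $received['signature'] ?? '';
    $expected = hash_hmac('sha1', qbBaseString($received), $authSecret);
    return is_string($given) && hash_equals($expected, $given);
}

$secret = 'EXAMPLE_AUTH_SECRET';
$body = qbSignedBody([
    'application_id' => 1, 'auth_key' => 'EXAMPLE_AUTH_KEY',
    'nonce' => random_int(1, 2147483647), 'timestamp' => time(),
    'user' => ['login' => 'example_user', 'password' => 'example pass+word'],
], $secret);
var_dump(qbVerify($body, $secret));                             // body as built
var_dump(qbVerify($body . '&auth_secret=' . $secret, $secret)); // secret appended to the body
```

The second call models the failing request from the question: an extra `auth_secret` field changes the set of signed parameters, and it also puts the HMAC key on the wire.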
0

You have to use your own application parameters:

  • application_id
  • auth_key

and a random 'nonce' and the current timestamp (not from the example; you can get the current timestamp on this site http://www.unixtimestamp.com/index.php)

Your code is right, but you must set proper parameters.

Rubycon
  • Thanks for your reply! I have used my application_id and auth_key and my generated timestamp and random number. – hitender Jan 02 '13 at 04:54
  • Thanks for your reply! I have used my application_id and auth_key and my generated timestamp and random number. For the timestamp I tried strtotime(date("Y-m-d h:i:s")); and strtotime(date('m/d/Y h:m:s')); to generate the timestamp, I also tried the time() function to generate the timestamp, and for the random number I use the rand() function to get the unique random number in PHP. But it is still giving the same error. – hitender Jan 02 '13 at 05:00
  • I think the problem is with how you get timestamp. Could you try to get it from site http://www.unixtimestamp.com/index.php and run your code with this value – Rubycon Jan 02 '13 at 09:35
  • I tried the timestamp from the given link as well but it is still not working. I'm giving here my request page link where I display my server timestamp and nonce. Please have a look, or if you need any other information please let me know. http://demo.allwikan.com/test-chat/qb-auth.php – hitender Jan 02 '13 at 10:22
  • function POSTRequest($url, $data, $return) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, strlen($data)); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); $status = curl_getinfo($ch, CURLINFO_HTTP_CODE); if (!$return) { header("HTTP/1.0 $status"); } curl_close ($ch); – hitender Jan 02 '13 at 13:40
  • Please add it to your answer, it's quite hard to read it as comment :) – Rubycon Jan 02 '13 at 16:56
  • Can you check my answer? – Wang YinXing Nov 18 '15 at 19:08
0

1) You should send the request to the correct URL:

to https://api.quickblox.com/auth.json

instead of https://api.quickblox.com/session.json

2) You should fix the SSL problem using this:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false)

Wang YinXing
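
With `CURLOPT_SSL_VERIFYPEER` set to `false`, cURL accepts any certificate, so the session request, which carries the user's login and password, loses its protection against interception. An SSL error on the client often means cURL cannot find a CA bundle; the following added example (not part of the answer above) keeps verification on and lets the caller supply one. The function name `qbPost` and the `$caBundle` parameter are assumptions.

```php
<?php
// Added example, not code from the thread: POST with certificate checks left on.
// $caBundle is an optional path to a PEM CA bundle (assumption: only needed when
// the PHP/cURL build has no usable default trust store).
function qbPost(string $url, string $postBody, ?string $caBundle = null): string
{
    $options = [
        CURLOPT_URL            => $url,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $postBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate must match the host name
        CURLOPT_TIMEOUT        => 15,
    ];
    if ($caBundle !== null) {
        $options[CURLOPT_CAINFO] = $caBundle;
    }

    $curl = curl_init();
    curl_setopt_array($curl, $options);
    $response = curl_exec($curl);

    if ($response === false) {
        $errno = curl_errno($curl);
        // Separate certificate failures from ordinary network errors so they are
        // fixed at the trust store rather than by switching verification off.
        $tlsErrors = [CURLE_SSL_CACERT, CURLE_SSL_PEER_CERTIFICATE];
        $kind = in_array($errno, $tlsErrors, true) ? 'certificate verification' : 'transport';
        throw new RuntimeException($kind . ' error (' . $errno . '): ' . curl_error($curl));
    }
    return $response;
}

// Constructed body for illustration; a real one comes from the signing step.
try {
    echo qbPost('https://api.quickblox.com/session.json', 'application_id=0'), "\n";
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```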
0

We use PHP, and the following code works well for us:

<?php

$userLogin = '{YOUR_QB_USER}';
$userPassword = '{YOUR_QB_PASSWORD}';

$body = [
    'application_id' => '{YOUR_QB_APPLICATION_ID}',
    'auth_key' => '{YOUR_QB_AUTH_KEY}',
    'nonce' => time(),
    'timestamp' => time(),
    'user' => ['login' => $userLogin, 'password' => $userPassword]
];
$built_query = urldecode(http_build_query($body));
$signature = hash_hmac('sha1', $built_query , '{YOUR_QB_APP_SECRET}');
$body['signature'] = $signature;
$post_body = http_build_query($body);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://{YOUR_QB_HOST}/session.json');
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
$token = json_decode($response, true)['session']['token'];
printf('Your token is: %s %s', $token, PHP_EOL);
cn007b