3

When getting a session, I get an "unexpected error".

Here is my code to get the signature (modified from this since that code is without some imports and notably hmac.new() is used instead of hmac() since that code doesn't work for me.

import sys
import json
import time
import random
import hashlib
import hmac
import urllib
import httplib

application_id = '3427'
auth_key = 'PLYHedAmxwdvt59'
auth_secret = '*some secret key*'


nonce = str(random.randint(1, 10000))
timestamp = str(int(time.time()))

signature_raw_body = ("application_id=" + application_id + "&auth_key=" + auth_key +
            "&nonce=" + nonce + "&timestamp=" + timestamp)

signature = hmac.new(auth_secret, signature_raw_body, hashlib.sha1).hexdigest()

params = urllib.urlencode({'application_id': application_id,
                           'auth_key': auth_key,
                           'timestamp': timestamp, 'nonce' : nonce,
                           'signature' : signature})

conn = httplib.HTTPSConnection("api.quickblox.com")
conn.request("POST", "/session", params, {})
response = conn.getresponse()

print response.read()
print "signature = '%s'" % signature

The output:

<?xml version="1.0" encoding="UTF-8"?>
<session>
  <application-id type="integer">3427</application-id>
  <created-at type="datetime">2013-08-04T12:19:10Z</created-at>
  <device-id type="integer" nil="true"/>
  <id type="integer">3552056</id>
  <nonce type="integer">5855</nonce>
  <token>686840081c18c7dd0e0a779c233e0d9605bcb567</token>
  <ts type="integer">1375618748</ts>
  <updated-at type="datetime">2013-08-04T12:19:10Z</updated-at>
  <user-id type="integer" nil="true"/>
</session>

signature = 'f08b68b645184619bbe59bac217506e66a840425'

Next I use curl to attempt to create a session:

curl -X POST -H "Content-Type: application/json" -H "QuickBlox-REST-API-Version: 0.1.0" -d '{"application_id":"3427","auth_key":"PLYHedAmxwdvt59","nonce":"33432","timestamp":"1375619372","signature":"f08b68b645184619bbe59bac217506e66a840425"}' http://api.quickblox.com/session.json

I get this as a result: {"errors":{"base":["Unexpected signature"]}}

Something went wrong?

Community
  • 1
  • 1
huggie
  • 17,587
  • 27
  • 82
  • 139

1 Answers1

0

Here is my example:

curl -X POST -H "Content-Type: application/json" -H "QuickBlox-REST-API-Version: 0.1.0" -d '{"application_id":"92","auth_key":"wJHdOcQSxXQGWx5","nonce":"315","timestamp":"1375624737","signature":"f36336b8bc8449b8252edbc0ee441cdb5856112c"}' http://api.quickblox.com/session.json

Result:

{"session":{"application_id":92,"created_at":"2013-08-04T13:59:50Z","device_id":null,"id":3553701,"nonce":315,"token":"1d423b6633e2fc82f81d88b65f3e26198853c84c","ts":1375624737,"updated_at":"2013-08-04T13:59:50Z","user_id":null}}

You should check code which generates your signature

Rubycon
  • 18,156
  • 10
  • 49
  • 70
  • If I get the token back, doesn't that mean the signature was generated correctly? Previously the server would tell me something wrong with the signature (I forgot the exact wording). – huggie Aug 06 '13 at 02:53
  • I see that you Python code which generates signature is not equal to code in link – Rubycon Aug 06 '13 at 16:03
  • Because the code in link doesn't run. It's missing some imports, and when it is imported, that hmac() Alex had simply doesn't work. But, I'll take a hard look again. – huggie Aug 07 '13 at 02:56
  • I've just doubled checked. Well, other than hmac.new() instead of hmac()(which doesn't run, it will complain `TypeError: 'module' object is not callable`) and hashlib.sha1 instead of just sha1. (that's just the matter of `import hashlib` or `from haslib import sha1`, I presume, since Alex's code doesn't include the necessary import statements), I don't see any real difference. – huggie Aug 07 '13 at 06:09
  • Still wondering what's causing the problem. I tried the iOS sdk custom object example and it works like a charm as far as the session creation goes. I don't have access to the SDK (obviously) but the iOS code appears to make just one session request. I'll try some more. – huggie Aug 08 '13 at 03:38
  • OK it turns out I'm calling session.json twice without realizing it. I just need that one call. BTW what's /auth for? – huggie Aug 11 '13 at 16:02
  • 1
    /auth - this is old & deprecated endpoint, you should use /session – Rubycon Aug 19 '13 at 08:06
  • Hey! I am facing similar problem. At times it works and at times it throws -{"errors":{"base":["Unexpected signature"]}}. Has anyone faced that ? – Disha Aug 30 '16 at 11:30