3

I am trying to figure out the oAuth process using coldfusion and there doesn't seem to be a lot of information on the forums.

I keep getting “401 Unauthorized - Invalid signature - The oauth_signature passed was not valid” But I am passing the correct one.

Here is my process.::

I am using the oauth codebase from http://oauth.googlecode.com/svn/code/coldfusion/oauth

Using there examples for twitter and google I have modified it to work like below.

<cfset sConsumerKey = "XXX">
<cfset sConsumerSecret = "YYY"> 
<cfset sTokenEndpoint = "http://vimeo.com/oauth/request_token">

<cfset oReqSigMethodSHA = CreateObject("component", "oauth.oauthsignaturemethod_hmac_sha1")>
<cfset oToken = CreateObject("component", "oauth.oauthtoken").createEmptyToken()>
<cfset oConsumer = CreateObject("component", "oauth.oauthconsumer").init(sKey = sConsumerKey, sSecret = sConsumerSecret)>

<cfset myParams = structNew() />
<cfset myParams.oauth_callback = "http://XXX.XXX/web/oAuth/examples_external/vimeo2.cfm" />

<cfset oReq = CreateObject("component", "oauth.oauthrequest").fromConsumerAndToken(
oConsumer = oConsumer,
oToken = oToken,
sHttpMethod = "GET",
sHttpURL = sTokenEndpoint,
stParameters = myParams)>

<cfset oReq.signRequest(
oSignatureMethod = oReqSigMethodSHA,
oConsumer = oConsumer,
oToken = oToken)>

<cfhttp url="#oREQ.getString()#" method="get" result="tokenResponse"/>

This then returns oauth_token & oauth_verifier.

<cfset sConsumerKey = "XXX"> 
<cfset sConsumerSecret = "YYY"> 
<cfset sAuthorizationEndpoint = "http://vimeo.com/oauth/access_token"> <!--- Authorize URL --->

<cfset oReqSigMethodSHA = CreateObject("component", "oauth.oauthsignaturemethod_hmac_sha1")>
<cfset oToken = CreateObject("component", "oauth.oauthtoken").createEmptyToken()>
<cfset oConsumer = CreateObject("component", "oauth.oauthconsumer").init(sKey = sConsumerKey, sSecret = sConsumerSecret)>

<cfset myParams = structNew() />
<cfset myParams.oauth_token = URL.oauth_token />
<cfset myParams.oauth_verifier = URL.oauth_verifier />
<cfset myParams.oauth_callback = "oob" />

<cfset oReq = CreateObject("component", "oauth.oauthrequest").fromConsumerAndToken(
oConsumer = oConsumer,
oToken = oToken,
sHttpMethod = "GET",
sHttpURL = sAuthorizationEndpoint ,
stParameters = myParams)>

<cfset oReq.signRequest(
oSignatureMethod = oReqSigMethodSHA,
oConsumer = oConsumer,
oToken = oToken)>

<cfhttp url="#oREQ.getString()#" method="get" result="tokenResponse"/>
<cfdump var="#tokenResponse#" />

And the results from the cfhttp is the 401 error

peterh
  • 11,875
  • 18
  • 85
  • 108
ozatomic
  • 182
  • 1
  • 13
  • Their response should be more verbose, like `401 Unauthorized - Invalid API Key - The API key passed was not valid`. Can you see the extended part comes after generic code? – Sergey Galashyn Jul 14 '10 at 06:58
  • yeah there was "401 Unauthorized - Invalid signature - The oauth_signature passed was not valid " But i'm using the oauth class so it should be right.... – ozatomic Jul 15 '10 at 00:24
  • Has anyone got any more feedback on what could be the problem? – ozatomic Jul 18 '10 at 22:56
  • Ever make any progress on this? I'm going to be working with Vimeo's APIs in the next week or so. – orangepips Jan 29 '11 at 03:47

1 Answers1

0

Without knowing anything about the Vimeo API, I had the same problem over oAuth when trying to send data via GET when a POST was required.

Ben Doom
  • 7,865
  • 1
  • 27
  • 30
  • From there documentation @ http://vimeo.com/api/docs/oauth all the examples they have are using GET – ozatomic Jul 14 '10 at 04:21