0

So I'm trying to create a signature to access Magento APIs via Integration but I don't get a valid oauth signature (Magento uses oauth1).

On using the same timestamp and nonce in postman I get the proper oauth signature. Why doesn't this produce a signature equivalent to that?

hmac=OpenSSL::HMAC.digest('sha1',secret_key, base_string)
signature = Base64 encode64(hmac)

The base string:

        oauth_consumer_key=params[:oauth_consumer_key]
        oauth_signature_method='HMAC-SHA1'
        oauth_nonce=Random.rand(100000).to_s
        oauth_timestamp=Time.now.to_i.to_s
        oauth_version='1.0'
        parameters ='oauth_consumer_key=' +
              oauth_consumer_key +
              '&oauth_nonce=' +
              oauth_nonce +
              '&oauth_signature_method=' +
              oauth_signature_method +
              '&oauth_timestamp=' +
              oauth_timestamp +
              '&oauth_version=' +
              oauth_version
        url = "http://localhost/demowebsite/oauth/token/request"
        base_string = 'POST&' +CGI.escape(url) + '&' + CGI.escape(parameters)
        #as I have no token yet
        secret_key = oauth_consumer_secret +'&'+'' 
 #POST&http%3A%2F%2Flocalhost%2Fdemowebsite%2Foauth%2Ftoken%2Frequest&oauth_consumer_key%3Dqv4w11m4o5f8vqx2uhfzovrc6veevg5u%26oauth_nonce%3D94770%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1591680691%26oauth_version%3D1.0

Thanks in advance

ruhuse
  • 5
  • 3

1 Answers1

0

Usually the base_string is the culprit. If you put the sample base string here, I can help you further

Ralph
  • 309
  • 1
  • 8
  • I have provided the base string.Could you please look into it? thanks – ruhuse Jun 09 '20 at 05:23
  • It seems your code is right +1, Are you getting an error while authentication? If that is the case you need to include how you are building the authorization header too. Also include the Magento documentation link pls. – Ralph Jun 09 '20 at 06:30
  • My authorization header is alright i guess as i get a response object which says "oauth_problem-The+signature+is+invalid.+Verify+and+try+again." the magento documentation: https://devdocs.magento.com/guides/v2.3/get-started/authentication/gs-authentication-oauth.html – ruhuse Jun 09 '20 at 06:38
  • i have added the building of authorization header part too – ruhuse Jun 09 '20 at 06:50
  • So, the order of the keys in the header seem to be different from the order of the original base string. i.e. oauth_signature_method & oauth_noonce seem to have interchanged position. Also it might help changing "Oauth" to "OAuth" in the authorization header. – Ralph Jun 09 '20 at 07:05
  • Also the case in the url is different for DemoWebsite – Ralph Jun 09 '20 at 07:16
  • When you are ready to open it up to the world, we'll add you site to Pathfix as an Oauth Provider +1 – Ralph Jun 09 '20 at 07:38