3

I'm trying to implement OAuth for Google, Twitter, Yahoo etc. on Android using the signpost libraries.

All of the above work fine, except Yahoo, which gives me a 401 error when trying to retrieve the Request Token. I've tried modifying my callback url to an http one, and even tried Out of Band authentication.

Does anyone have an idea on what I could be doing wrong ?

My code which requests for the OAuth Request Token using Signpost libraries is pasted below. 

private static CommonsHttpOAuthConsumer yahooConsumer = new CommonsHttpOAuthConsumer(
        YAHOO_CONSUMER_KEY, YAHOO_CONSUMER_SECRET);
private static CommonsHttpOAuthProvider yahooProvider = new CommonsHttpOAuthProvider(
        YAHOO_REQUEST_URL, YAHOO_ACCESS_TOKEN_URL, YAHOO_AUTH_URL);

and

String authURL = yahooProvider.retrieveRequestToken( yahooConsumer,YAHOO_REDIRECT_URL); startWebView(authURL);

EDIT:

Here's the output from the catched Exception :

08-21 00:18:10.935: WARN/System.err(3752): oauth.signpost.exception.OAuthNotAuthorizedException: Authorization failed (server replied with a 401). This can happen if the consumer key was not correct or the signatures did not match. 08-21 00:18:10.945: WARN/System.err(3752): at oauth.signpost.AbstractOAuthProvider.handleUnexpectedResponse(AbstractOAuthProvider.java:239) 08-21 00:18:10.945: WARN/System.err(3752): at oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:189) 08-21 00:18:10.955: WARN/System.err(3752): at oauth.signpost.AbstractOAuthProvider.retrieveRequestToken(AbstractOAuthProvider.java:69)

Thanks,

Abhinav

Abhinav Manchanda
  • 6,546
  • 3
  • 39
  • 46
  • Could you please provide the error details from Yahoo with the 401? – Kristiono Setyadi Aug 20 '11 at 19:04
  • @Kristiono - I've edited my question to add the logcat output with the exception. Thanks – Abhinav Manchanda Aug 20 '11 at 19:14
  • Thanks for the exception thrown. I think you should also see the body response of 401 given by Yahoo. Yahoo should gave you a descriptive response of what being wrong. – Kristiono Setyadi Aug 20 '11 at 19:54
  • Thanks for the help. Here's what signpost outputs to my Logcat - Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth oauth_problem=consumer_key_rejected}. Do you want me to install a request tracking software and give you the detailed request and response ? – Abhinav Manchanda Aug 20 '11 at 20:03
  • @Abhinav I got the same error(oauth.signpost.exception.OAuthNotAuthorizedException: Authorization failed (server replied with a 401). This can happen if the consumer key was not correct or the signatures did not match). I have valid customer key. But it shows above exception. can you help me. – Ramakrishna Jun 23 '12 at 04:17
  • @Abhinav +1 for your question. – Ramakrishna Jun 23 '12 at 04:22
  • @Ramakrishna Please refer to Kristiono's answer below. I faced the same issue. Basically you need to check atleast one service provided by Yahoo. – Abhinav Manchanda Jul 03 '12 at 15:13

2 Answers2

4

consumer_key_rejected means that you didn't provide valid consumer_key to Yahoo. If you do have provided the right consumer_key to Yahoo, you may check your app registration with Yahoo. Probably you need to check at least one or more services provided by Yahoo. Don't forget to also choose the type of your application whether it's web-based or client-based.

This all make sense since Yahoo wrapped the permission scope into the Consumer Key. Read this explanation for further details: Yahoo OAuth Scope.

This is the workaround example and hints that might be useful to solve your problem: Yahoo OAuth Problem - Consumer Key Rejected

Let me know if this works for you.

Kristiono Setyadi
  • 5,635
  • 1
  • 19
  • 29
  • Thanks for the explanation Kristiono. I'm pretty sure that my Consumer Key is fine, and have tried with both Web-Based and Client-Based, with various combinations including OOB. The second link that you've given is pretty intriguing - let me try out what he's said and see if it works ! – Abhinav Manchanda Aug 21 '11 at 11:58
  • Thanks Kristiono, I'm getting the request token now. This has really helped me - I was struggling up to the point of considering writing my own OAuth client for Yahoo. – Abhinav Manchanda Aug 21 '11 at 12:44
0

Try forcing 1.0a authentication with Provider.setOAuth10a(true).

It's also worth checking that the date, time and timezone on your client are all correct else the signature verification will fail.

Dave
  • 6,064
  • 4
  • 31
  • 38
  • Thanks. Let me try this and get back to you. – Abhinav Manchanda Aug 20 '11 at 19:22
  • That does not work. I can't help but feel that there's something really basic I'm missing out on. My app is registered as a web-based app with my own domain as the app url, and I give that as the redirect url here also, though I've also tried registering as a desktop app and trying OOB. – Abhinav Manchanda Aug 20 '11 at 19:55