2

I want to integrate yahoo in my android application to get yahoo contacts. I used yahoo contacts API which opens a WebView to login. When i am importing contacts from yahoo using ouath procedure wtih ouath signature method HMAC-SHA1 . I got problem "Signature invalid."

If i use signature method "PLAINTEXT" its worked fine during oauth authentication by during using yahoo social API it results Signature type invalid. Any idea about this problem?

And I want some other way through which I dont need to show webview to user and authentication takes place in background. After login, I have to get logged in user's contacts. Any idea...???

==============================================

Here are the requests and responses that I got:

First Request:-

https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_nonce=asf234hkldfkjjksdbfjkbasdfsdasd&oauth_timestamp=1326787922&oauth_consumer_key=dj0yJmk9bmlsQzJxTEhsd254JmQ9WVdrOU1rODBZbXBaTkhNbWNHbzlORGN6TmpNNE5EWXkmcz1jb25zdW1lcnNlY3JldCZ4PWE3&oauth_signature_method=plaintext&oauth_signature=e6797e7744d52cf101fd9d4671514469429afe07%26&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=https://api.login.yahoo.com/oauth/v2/desktop

Response First Request:-

oauth_token=kkdhque&oauth_token_secret=43afb117c8880535d40d91ab6eb1cd9cf070b6bb&oauth_expires_in=3600&xoauth_request_auth_url=https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Frequest_auth%3Foauth_token%3Dkkdhque&oauth_callback_confirmed=true

Second Request in which user enter his user name and password in webview.

https://api.login.yahoo.com/oauth/v2/request_auth?oauth_token=k3qacet

Third request in which user authenticate that this application can use my email address in webview .

That results in oauth verifier.

Fourth reques in which webview is finished and user get access token or (oauth_token)

https://api.login.yahoo.com/oauth/v2/get_token?oauth_consumer_key=dj0yJmk9bmlsQzJxTEhsd254JmQ9WVdrOU1rODBZbXBaTkhNbWNHbzlORGN6TmpNNE5EWXkmcz1jb25zdW1lcnNlY3JldCZ4PWE3&oauth_signature_method=PLAINTEXT&oauth_version=1.0&oauth_verifier=rwbhqa&oauth_token=k3qacet&oauth_timestamp=1326787922&oauth_nonce=asf234hkldfkjjksdbfjkb&oauth_signature=e6797e7744d52cf101fd9d4671514469429afe07%26737c58816d097623629eac73c8c17207c641f360

Response Fourth Request:-

oauth_token=A%3DhX_2we7E7jDnmFyp_8sBq2jECdy3Qq3joNFqb6S70DcHwqh81q19r3KFvSljXFrjVjk3gw8UOkMcvs7sYNdZzbTDQhwYyPswES1HRhBv94wYFmCclOmXCL.XNOCgNQWkKbHha0puKPRnSY12tKASSPdmqYdynuw5c72sL6mb89Ord7hFmkn7mOqKeB5E0R.H1oM1vkxIc2_x3nhifZvHP1gHxG8rm3I2Qh4PsXl3sTeAOVp7xGjOVELdqjX4rxlvXwAHW8OHrZLniCiNNqtb9yhEDBGutFyos0gQikBZ3FQjS04Q0X6Vz53FwN58GWS6ok1IpppwYSaXVGxf6T3mtGZo90lNugbCAho5H9frYkV3dq9xM.LIiBdA3nPEJfef3ZCciNSYHtk_0_k3jSChDIiDuKwx4wwaHUSygZq0cOSWGV6iWdnc9qitu7xLLzzO5YDFStmkZK2ks144RLVookPqsPOHew.zovCcPup3oG3bOq4FKR9UAXaIfqtj6bMNauBpFiTmy8r9WIKJ5lKCJZux1oqCHECpSjhK98P2vTqVv08jU3.S15W6dPro9lwOVeMStacATvWE0wVumeOhg54.190zTvWxaCyNBSVKuKxlsOc8cDY6o_qhFtf.hiWLisVHKOpGkMhsdpECuaYaCSDGkNO8iEEcGE5nAS1VHbuxWl6TW1pRQxBUrDQWZiO.FPKAFQhz5gNjSbE14ygihPQVYYe_vJ0D.wdsOk4VY.aKovCe10vTl5N9t58ZhqJIH7pviYRuS8U- &oauth_token_secret=50f8b0c3742c653270f4ab171e344a6cb525eca5&oauth_expires_in=3600 &oauth_session_handle=AGgtEE.0Q98PruZjCCh2K9YIlCw_faQSJbrMRUeMzledZ.Tgqrg-&oauth_authorization_expires_in=820695219&xoauth_yahoo_guid=NNZ4BOGR43W5RY6LMEXJVUZYUE

Fifth request in order to get Contacts list of the users that i finaaly want ithis.

http://social.yahooapis.com/v1/user/NNZ4BOGR43W5RY6LMEXJVUZYUE/profile?format=json&OAuth_realm=yahooapis.com&oauth_consumer_key=dj0yJmk9bmlsQzJxTEhsd254JmQ9WVdrOU1rODBZbXBaTkhNbWNHbzlORGN6TmpNNE5EWXkmcz1jb25zdW1lcnNlY3JldCZ4PWE3&oauth_nonce=asf234hkldfkjjksdbfjkb&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1326787922&oauth_token=A%3D3cDEMvjdhV1KBgctAVMkpK5rham6RwashDSWUpZZWcnCHhG9U5SKiPFRIFBqYWyIik8MI.ALFZMNc0tFbr55uYoHZKP_4BCKjmw99FvLlILhKvg7EqsUqxW4riEcnz0vFtHM07No_nt4KYKEYjuzuZVzOU8Ig14r8t97XfBksMUGuUvkkdKRyfnmcauz9uCH.XA5s6OUzK5dSCUvrIgvnF6U7E.V8Dt0TRc_SAVn_wpm09qny5LrE5oGv1QL1c91PHztbr3IjXQctk4wGP8rOyCumfrs_IbV55.KvD18Ykw.oEUgFJRhjBxna5Dcn4YT1A0YziLkBmPayODSnh5i4QR_Y7rZKBxmKS06WTxO9xiJZVJi9a0eMWgHvkhT4G4inB7C8GakCSnq9NxXVO5jW.zJFJWMbzuxiNXvo4gKvCE03hEtNPGPwvUK1RtZyMZgyBXzr26Lxpss8CMUL2qtdR6HFSLCTc5feltiLCfiez359Bzb6HIzz6XOwBlcaLa44qjBA5hBUYPvPj2NRyEAhHKJkKj2qzT_vm8pHX65nVGUtIq9765oP.yZMU75WewKcBtD1UdaOoYW9ViKghJRajAy9AE9MHDe4M1VG0cRkO91vux77SbyNtm3y8NnUbCoTL9iL3ltFfABfg6xKW2c.IO4cQ0NowMjUqf.JqboY_ckjxUAXp9oP1tHkEZX1jb4GRv410chjR471ayKMZBjkgay.5XmN4Uq93C.h_hIa25wCBMKW9Zr1I512aZ3hyMePYHneHCz94c-&oauth_version=1.0&oauth_signature=e6797e7744d52cf101fd9d4671514469429afe07&48ae3c65bf198592e4758005bb551c14e163fa61

Response of Fifth request

{ error: { lang: "en-US", description: "Please provide valid credentials. OAuth oauth_problem="signature-invalid", realm="yahooapis.com"" } }

Khawar Raza
  • 15,870
  • 24
  • 70
  • 127
  • hi! did u solve this issue? i have similar issue please check this http://stackoverflow.com/questions/14598642/how-to-use-yahoo-contact-api-in-android-application – Aamirkhan Jan 30 '13 at 09:20

1 Answers1

1

If you're getting Signature Invalid, your OAuth request is most likely incorrectly signed. OAuth 1.0a and below really is a headache. Alhamdulillaah they are working on AOuth2.0 which cleans up a lot of the retardedness.

If you don't mind posting your OAuth signature base, Authorization header and request, I can help you in detail. The most frequent errors I have seen people make are they use a non GMT timestamp, they use a subset of the returned token due to bad parsing (you probably wont have to worry about this since Yahoo tokens are pretty clean [A-za-z0-9] but not everyone is like that--either way, manually look at your response in the first step of the login process and ensure your code is parsing the entire header), also make sure you are sending in your verifier for all REST requests, yes the verifier you had to type to log in. Other times, I've seen people's HMCA algorithm not working properly, or they forget to properly URLencode the Base64 version of their signed variables... what else... tat's all that comes to mind. It's been a while.

Moving right along, there is no reason why you should require a webview. The information being sent and received is just HTML code so you can parse it yourself or use any of the 2.9mil google results for html parsers out there. The only step you need a web browser for is for the user to login into their Yahoo account, and even that step can be automated [1] by parsing the page and obtaining the cb2_authenticity_token or similar and then submitting that to the address in the HTML [form]. It will send you back the page with the verifier, which you can also parse out, and I have successfully done this with twitter.

Anyhow, post some code and we can help you further.

[1] Edit note, you would have to have the yahoo L/P for automating this though.

Authman Apatira
  • 3,994
  • 1
  • 26
  • 33
  • hi please check my similar issue here Authman Apatira http://stackoverflow.com/questions/14598642/how-to-use-yahoo-contact-api-in-android-application – Aamirkhan Jan 30 '13 at 09:21