oauth_problem=signature_invalid magento

[Rajags]

$oauthbaseurl, 'requestTokenUrl' => $requestTokenUrl, 'accessTokenUrl' => $accessTokenUrl, 'consumerKey' => $consumerkey, 'consumerSecret' => $consumersecret, 'callbackUrl' => $callbackUrl ); $base_string1 = "GET&" .urlencode($url) . "&" . urlencode( "oauth_consumer_key=". $consumerkey . "&oauth_nonce=" . $oauth_nonce . "&oauth_signature_method=" . $oauth_signature_method . "&oauth_timestamp=" .$oauth_timestamp . "&oauth_version=" . $oauth_version ); $consumer = new Zend_Oauth_Consumer($params); $requestToken = $consumer->getRequestToken(); $Token= split("&", $requestToken); $AccessToken = $Token[0]; $AccessTokenSecret = $Token[1]; $AccessTokenval = split("=", $AccessToken); $AccessTokenSecretval = split("=", $AccessTokenSecret); echo $oauth_token['oauth_token'] = $AccessTokenval[1]; echo " / ". $oauth_token['oauth_token_secret'] =$AccessTokenSecretval[1]; $curl = curl_init(); curl_setopt_array($curl, array( CURLOPT_URL => "https://sandbox.woohoo.in/oauth/authorize/customerVerifier/?oauth_consumer_key=".$consumerkey."&oauth_token=".$oauth_token['oauth_token']."&username=finnovationapisandbox%40woohoo.in&password=finnovationapisandbox%401234", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_HTTPHEADER => array( "cache-control: no-cache", "postman-token: 48f942ad-5c78-b31d-4471-3a11695ef868" ), )); $woohoospend_response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $woohoospend_response; } $woohoospend = json_decode($woohoospend_response); $woohooverifier = $woohoospend->verifier; $sig_string = urlencode($consumersecret) . '&' . urlencode($consumerkey); $oauthSig = base64_encode(hash_hmac("sha1", $base_string1, $sig_string, true)); $curl = curl_init(); curl_setopt_array($curl, array( CURLOPT_URL => "https://sandbox.woohoo.in/oauth/token/?oauth_consumer_key=".$consumerkey."&oauth_signature_method=HMAC-SHA1&oauth_verifier=".$woohooverifier."&oauth_token=".$oauth_token['oauth_token']."&oauth_version=1.0&oauth_nonce=".$oauth_nonce."&oauth_timestamp=" .$oauth_timestamp."&oauth_signature=".$oauthSig."&oauth_callback=oob", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_HTTPHEADER => array( "cache-control: no-cache", "postman-token: 48f942ad-5c78-b31d-4471-3a11695ef868" ), )); $woohoospendresponse = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $woohoospendresponse; } I m getting response like this 8037b72f811ab475bc974b40935248a1 / 0b76eca45b47011b4d51f2f6179ee0f6{"success":true,"verifier":"e793623107ebe3d4e30d2bd2592ed7c9"}oauth_problem=signature_invalid Please help me anyone why i m getting oauth problem and signature invalid

[laurent-pck]

Hi @Rajags, I had the same problem. I tried requests-oauthlib, which seems to be more maintained, but it's happening there too. I could debug it for rauth. The problem is described in this comment requests/requests-oauthlib#257 (comment)

As a workaround, I did an override of SignatureMethod::_normalize_request_parameters()

def _normalize_request_parameters(self, oauth_params, req_kwargs):
    """
    This is a workaroud. Rauth do encode a space in params as + in the query string and as %20 for the
    signature. On the server side, the Zend Framework computes the signature from the query string with space
    encoded as +. This leads to a signature mismatch.
    """
    original_response = super()._normalize_request_parameters(oauth_params, req_kwargs)

    return original_response.replace('%20', '%2B')

Note that for magento, the signature algorithm must also be adapted to use HmacSha256.