{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Emotional °昔 的问题《“Invalid signature”: oAuth provider with Django-pi》','https://www.manongdao.com/q-610737.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm working with django-piston to attempt to create an API that supports oAuth.
I started out using the tutorial at:
http://blog.carduner.net/2010/01/26/django-piston-and-oauth/
I added a consumer to piston's admin interface with key and secret both set to "abcd" for test purposes.
The urls are successfully wired-up and the oAuth provider is called.
However, running my get request token tests with tripit (python get_request_token.py "http://127.0.0.1:8000/api" abcd abcd), I receive the following error:
Invalid signature. Expected signature base string: GET&http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dabcd%26oauth_nonce%3D0c0bdded5b1afb8eddf94f7ccc672658%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275135410%26oauth_version%3D1.0
The problem seems to lie inside the _check_signature method of Piston's oauth.py, where
valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature)
is returning false. I can't, however, work out how to get the signature validated.
Any ideas?
Update:
If I remove the test consumer from piston's backend, the response returned is correctly set to "Invalid consumer", so this lookup appears to be working.
The eventual answer I found was to install a working copy of oauth_consumer into the application directory. Once I had added my consumer inside this application, everything worked as expected.
@Ricardo and anyone else having problems with this error (sorry for the "answer", I don't have commenting as of yet), I was able to avoid this error by generating my signature from following the test cases provided in piston's code. Example:
From here, just use these parameters in a browser e.g. http://localhost:8000/api/oauth/request_token/?oauth_nonce=64379482&oauth_timestamp=1297147940&oauth_consumer_key=8aZSFj3W54h8J8sCpx&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=kGSLCZjYzAHXsa8f9sL52Kq1F2w=
Which generates "oauth_token_secret=37VZKRV3fXRLAw5tekZD2bwnMhXqGwgx&oauth_token=LRnexBGTNC4nDXpv9M&oauth_callback_confirmed=true"
As Martin pointed out, leaving out a "/" in either the sample code or the URL will render the signature "invalid".