I'm working with django-piston to attempt to create an API that supports oAuth.
I started out using the tutorial at:
http://blog.carduner.net/2010/01/26/django-piston-and-oauth/
I added a consumer to piston's admin interface with key and secret both set to "abcd" for test purposes.
The urls are successfully wired-up and the oAuth provider is called.
However, running my get request token tests with tripit (python get_request_token.py "http://127.0.0.1:8000/api" abcd abcd), I receive the following error:
Invalid signature. Expected signature base string: GET&http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dabcd%26oauth_nonce%3D0c0bdded5b1afb8eddf94f7ccc672658%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275135410%26oauth_version%3D1.0
The problem seems to lie inside the _check_signature method of Piston's oauth.py, where
valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature)
is returning false. I can't, however, work out how to get the signature validated.
Any ideas?
Update:
If I remove the test consumer from piston's backend, the response returned is correctly set to "Invalid consumer", so this lookup appears to be working.
The eventual answer I found was to install a working copy of oauth_consumer into the application directory. Once I had added my consumer inside this application, everything worked as expected.
@Ricardo and anyone else having problems with this error (sorry for the "answer", I don't have commenting as of yet), I was able to avoid this error by generating my signature from following the test cases provided in piston's code. Example:
>>> from piston.oauth import *
>>> from piston.models import *
>>> consumer = Consumer.objects.get(id=1)
>>> oaconsumer = OAuthConsumer(consumer.key, consumer.secret)
>>> request = OAuthRequest.from_consumer_and_token(oaconsumer, http_url='http:
//localhost:8000/api/oauth/request_token/')
>>> signature_method = OAuthSignatureMethod_HMAC_SHA1()
>>> request.sign_request(signature_method, oaconsumer, None)
>>> request.sign_request(signature_method, oaconsumer, None)
>>> request.parameters
{'oauth_nonce': '64379482', 'oauth_timestamp': 1297147940, 'oauth_consumer_key': u'8aZSFj3W54h8J8sCpx', 'oauth_signature_method': 'HMAC-SHA1', 'oauth_version': '1.0', 'oauth_signature': 'kGSLCZjYzAHXsa8f9sL52Kq1F2w='}
From here, just use these parameters in a browser e.g. http://localhost:8000/api/oauth/request_token/?oauth_nonce=64379482&oauth_timestamp=1297147940&oauth_consumer_key=8aZSFj3W54h8J8sCpx&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=kGSLCZjYzAHXsa8f9sL52Kq1F2w=
Which generates "oauth_token_secret=37VZKRV3fXRLAw5tekZD2bwnMhXqGwgx&oauth_token=LRnexBGTNC4nDXpv9M&oauth_callback_confirmed=true"
As Martin pointed out, leaving out a "/" in either the sample code or the URL will render the signature "invalid".
来源:https://stackoverflow.com/questions/2935446/invalid-signature-oauth-provider-with-django-piston