401 Unauthorized using Yahoo OAuth

Question

My below code returns a 401 Unauthorized error each time at the this point:

HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("http://query.yahooapis.com/v1/yql?q=select%20fields.value%20from%20social.contacts%20where%20guid%3Dme&diagnostics=false");
request.Headers.Add(
    "Authorization: OAuth " +
    "realm=\"" + "yahooapis.com" + "\"," +
    "oauth_consumer_key=\"" + ConfigurationManager.AppSettings["yahoo_oauth_consumer_key"] + "\"," +
    "oauth_nonce=\"" + Guid.NewGuid().ToString() + "\"," +
    "oauth_signature_method=\"" + "PLAINTEXT" + "\"," +
    "oauth_timestamp=\"" + ((DateTime.UtcNow.Ticks - new DateTime(1970, 1, 1).Ticks) / (1000 * 10000)).ToString() + "\"," +
    "oauth_token=\"" + accessToken.TokenValue + "\"," +
    "oauth_version=\"1.0" + "\"," +
    "oauth_signature=\"" + ConfigurationManager.AppSettings["yahoo_oauth_signature"] + "%26" + "\""
);
StreamReader streamReader = new StreamReader(request.GetResponse().GetResponseStream(), true);

And when I step into the code everytime I see all the info is there that Yahoo requests to have in the header, yet everytime I get this 401.

Answer 1

As I'm sure you know, 401 means not authorised. It probably means that your signature is not valid.

You don't post all of your code but I can't see how it could possibly correctly generate the correct signature, since your signature method seems not to take any of the parameters -- most tellingly the timestamp and nonce -- as input. If you've already calculated the signature correctly, then you need to use the exact same timestamp and nonce in the Authorized header; using a different one will mean that the signature is not valid.

Answer 2

Ok first of all:

http://www.youtube.com/watch?v=lZLP0siJI-8&feature=related

Secondly, the solution;

Don't run it from localhost :P

When I signed up on Yahoo I should've read more carefully, I signed up a second time just to see, and it clearly states from which domain will you be making the calls to our APIs.

Answer 3

I was running into the same thing... you have to carefully read the spec:

http://developer.yahoo.com/oauth/guide/oauth-requesttoken.html

Carefully follow the directions for each field. For example, I don't see that you have specified oauth_callback="oob". I was missing that field as well, as soon as I specified it, I got the token.

Answer 4

I am replying with hope that it will help someone else.

Yahoo! stores the domain in lowercase and I was storing the domain in mixed case in the callback variable.

So I converted the domain to all lowercase and prefixed it with "www." which got me to resolve the issue. Try to hit the Yahoo! servers with the final OAUTH URL from any browser to see the actual error message. Within app it just says "unauthorized".