0

I am trying to generate an OAuth 1 oauth/token/request for Magento 2. I am using the code below:

$characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
$nonce = '';
$maxRand = strlen($characters) - 1;
$length = 32;
for ($i = 0; $i < $length; ++$i) {
    $nonce .= $characters[mt_rand(0, $maxRand)];
}
$dateTime = new DateTime();
$oauthConsumerKey = $authData['oauth_consumer_key'];
$oauthVerifier = $authData['oauth_verifier'];
$oauthConsumerSecret = $authData['oauth_consumer_secret'];
$storeBaseUrl = $authData['store_base_url'];
$outhTimestamp = $dateTime->format('U');
$oauthNonce = $nonce;
$storeBaseUrl = $authData['store_base_url'];

$base = 'POST&'.$storeBaseUrl.'&'
    ."oauth_consumer_key=".$oauthConsumerKey
    .'&oauth_nonce='.$oauthNonce
    .'&oauth_signature_method=HMAC-SHA256'
    .'&oauth_timestamp='.$outhTimestamp
    .'&oauth_version='.'1.0';
$signature = rawurlencode(base64_encode(hash_hmac("sha1", $base, rawurlencode($oauthConsumerSecret), true)));

In the above code I have oauth_consumer_key, oauth_verifier, and oauth_consumer_secret; I am getting all of these at the callback URL which I passed while creating the Integration in the Magento admin panel.

My HTTP request is below

$headers = [
    'Content-Type' => 'application/json',
    'Authorization' => 'OAuth oauth_consumer_key="'.$oauthConsumerKey.'",oauth_signature_method="HMAC-SHA256",oauth_timestamp="'.$outhTimestamp.'",oauth_nonce="'.$oauthNonce.'",oauth_verifier="'.$oauthVerifier.'",oauth_signature="'.$signature.'"',
];
$response = Http::withHeaders($headers)->post('https://magento.dev/oauth/token/request');

Below are the variable values which I am passing in the HTTP request:

oauthConsumerKey: 5zgrXXXXXXa48z4gvjlik0
oauthVerifier: vi9e9cfzXXXXfrz9uu66exk833r
outhTimestamp: 1676558767
oauthNonce: YrA0cTizdSi1iWFaAwMvLQ26QVWDDVUF
$signature: C0ED4Lfpj%2B7xRHOWYPpJn7%2F6fn0%3D

I am getting the below response: oauth_problem=The+signature+is+invalid.+Verify+and+try+again.

Below is the Postman request which returns the access token and access token secret:

$client = new Client();
$headers = [
    'Content-Type' => 'application/json',
    'Authorization' => 'OAuth oauth_consumer_key="5zgr9g5mXXXXXp7a48z4gvjlik0",oauth_signature_method="HMAC-SHA256",oauth_timestamp="1676558288",oauth_nonce="fCIN21MqTei",oauth_verifier="uq2ttix8gpjlniXXXX1msdu029",oauth_signature="CNbMzhVuEDkXXXX8R2H1KY8Binhvg5PGw1%2FE%3D"',
];
$request = new Request('POST', 'https://magento.dev/oauth/token/request', $headers);
$res = $client->sendAsync($request)->wait();
echo $res->getBody();

Let me know what I am doing wrong; any reference code or example is much appreciated!! Thanks

asked Feb 16, 2023 at 15:15

1 Answer

0

The error you are seeing comes from this method \Magento\Framework\Oauth\Oauth::_validateSignature.

The issue is that you are defining the oauth_signature_method as HMAC-SHA256 but generating the oauth_signature value using HMAC-SHA1.

You need to change this section:

$signature = rawurlencode(base64_encode(hash_hmac("sha1", $base, rawurlencode($oauthConsumerSecret), true)));

To something like

$signature = rawurlencode(base64_encode(hash_hmac("sha256", $base, rawurlencode($oauthConsumerSecret), true)));
answered Feb 17, 2023 at 9:48
4
  • I already checked the documentation, I followed all the steps they mention, there are a few things which are missing Commented Feb 17, 2023 at 11:51
  • I've updated my answer, it seems you have a discrepancy between the oauth_signature_method you've defined and the signature method you are using to generate the oauth_signature value. Commented Feb 17, 2023 at 16:04
  • Did you manage to test this fix? I believe this is the cause of the exception you are seeing. Commented Feb 20, 2023 at 10:52
  • I found the solution, I created the signature using the same library which Magento is using Commented Feb 23, 2023 at 7:12
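
The mismatch described in the answer can be ruled out structurally by deriving the hash algorithm from the declared oauth_signature_method. The following is an added example (not code from the question, the answer, or Magento) that goes beyond the one-line fix and builds the whole signature as RFC 5849 section 3.4 describes. The function names and placeholder credentials are assumptions, it requires PHP 8, and it assumes the token secret is empty at this step.

```php
<?php
// Added example (not Magento's code): OAuth 1.0 signing per RFC 5849 section 3.4.
// All credential values below are constructed placeholders.

function oauthBaseString(string $httpMethod, string $url, array $params): string
{
    unset($params['oauth_signature']);            // the signature is never part of its own input
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = [rawurlencode((string) $name), rawurlencode((string) $value)];
    }
    // Sort encoded pairs by name, then value, in byte order (strcmp avoids numeric-string comparison).
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    // Assumes $url is already normalized and carries no query string.
    return strtoupper($httpMethod) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
}

function oauthSign(string $httpMethod, string $url, array $params, string $consumerSecret, string $tokenSecret = ''): string
{
    // The hash is derived from the declared method, so the two cannot disagree.
    $algo = match ($params['oauth_signature_method'] ?? '') {
        'HMAC-SHA1'   => 'sha1',
        'HMAC-SHA256' => 'sha256',
        default       => throw new InvalidArgumentException('Unsupported oauth_signature_method'),
    };
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac($algo, oauthBaseString($httpMethod, $url, $params), $key, true));
}

$url = 'https://magento.dev/oauth/token/request'; // endpoint from the question
$params = [
    'oauth_consumer_key'     => 'CONSUMER_KEY_PLACEHOLDER',
    'oauth_nonce'            => bin2hex(random_bytes(16)),   // CSPRNG instead of mt_rand()
    'oauth_signature_method' => 'HMAC-SHA256',
    'oauth_timestamp'        => (string) time(),
    'oauth_verifier'         => 'VERIFIER_PLACEHOLDER',
    'oauth_version'          => '1.0',
];
$params['oauth_signature'] = oauthSign('POST', $url, $params, 'CONSUMER_SECRET_PLACEHOLDER');

// Each header value is percent-encoded once, here, and nowhere else.
$header = 'OAuth ' . implode(',', array_map(
    fn($k, $v) => rawurlencode($k) . '="' . rawurlencode($v) . '"',
    array_keys($params),
    array_values($params)
));
echo $header, PHP_EOL;
```

Every oauth_* parameter placed in the Authorization header is also in the signed parameter set, so the server recomputes the signature over the same input.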
