I realize this is nothing new and that there are LOTS of posts on this topic already. However, non are exactly related to what I'm looking for... SO, here it goes:
I have reviewed EVERY other post on this topic and nothing seems to work for me. Here is a quick summary of what I am doing:
***I have been at this so long that I am losing track of where I am- I just realized that my oauth_signature is now missing from my authorization header. I know it was there before...
BTW- I am using a CF oauth app from Harry Klein (http://oauth.riaforge.org/):
<!--- set up the parameters --->
<cfset sConsumerKey = 'xxx'> <!--- Got these from Tumblr for my app --->
<cfset sConsumerSecret = 'xxx'> <!--- Got these from Tumblr for my app --->
<cfset OAUTH_VERIFIER = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account --->
<cfset token = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account --->
<cfset tokenSecret = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account --->
<!--- set up the required objects including signature method--->
<cfset oReqSigMethodSHA = CreateObject("component", "oauth.oauthsignaturemethod_hmac_sha1")>
<cfset oToken = CreateObject("component", "oauth.oauthtoken").init(sKey = token, sSecret = tokenSecret)>
<cfset oConsumer = CreateObject("component", "oauth.oauthconsumer").init(sKey = sConsumerKey, sSecret = sConsumerSecret)>
<cfset oReq = CreateObject("component", "oauth.oauthrequest").fromConsumerAndToken(
oConsumer = oConsumer,
oToken = oToken,
sHttpMethod = "GET",
sHttpURL = 'http://api.tumblr.com/v2/user/info')> <!--- For now, just trying to get the user info --->
<!--- The ultimate goal is to post to differnent blog accounts on tumblr --->
<cfset oReq.setParameter('oauth_verifier',oauth_verifier) /> <!--- Had to manually add in oauth_verifier if it is even needed --->
<cfset oReq.signRequest(
oSignatureMethod = oReqSigMethodSHA,
oConsumer = oConsumer,
oToken = oToken)> <!--- Sign the request --->
<cfhttp url="#oReq.GETNORMALIZEDHTTPURL()#" method="get">
<cfhttpparam type="header" name="authorization" value="#oReq.TOHEADER()#" />
</cfhttp>
<cfdump var="#cfhttp#" />
Here is some of what I have gotten back (I have added line breaks to make it more legible):
SIGNATUREBASESTRING:
GET&
http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo&
oauth_consumer_key%3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26
oauth_nonce%3D96A76129198ADF9B60874521D3FB718256B2D093%26
oauth_timestamp%3D1358463090%26
oauth_token%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26
oauth_verifier%3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26
oauth_version%3D1.0
AUTHORIZATION HEADER:
OAuth oauth_consumer_key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
oauth_timestamp="1358463090",
oauth_version="1.0",
oauth_nonce="96A76129198ADF9B60874521D3FB718256B2D093",
oauth_token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
oauth_verifier="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Every time I try to modify anything, it never works. I always get 401 Not Authorized response from Tumblr with no explanation as to what I am doing wrong.
I've been at this for days: please help
*Edit 1/24/2013**
1. Getting the access_token:
response from Tumblr to auth_token request (Success):
oauth_token=XXX&
oauth_token_secret=XXX&
oauth_callback_confirmed=true
2. Using access token to get user info:
sConsumerKey:
xxx
sConsumerSecret:
yyy
EndPoint:
http://api.tumblr.com/v2/user/info
COMMETHOD:
get
token:
XXX
tokenSecret:
XXX
Signature base string:
GET&
http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo&
oauth_consumer_key%3Dxxx&
oauth_nonce%3DDED2857752C210C71D81DFD549B7B13113DCA50F&
oauth_signature_method%3DHMAC-SHA1&
oauth_timestamp%3D1358993908&
oauth_token%XXX&
oauth_version%3D1.0
Signature:
emffJ8+2QvExJzRH0fgDM8l3jDQ=
Authorization Header:
OAuth oauth_consumer_key="xxx"&
oauth_nonce="DED2857752C210C71D81DFD549B7B13113DCA50F"&
oauth_signature="emffJ8%2B2QvExJzRH0fgDM8l3jDQ%3D"&
oauth_signature_method="HMAC-SHA1"&
oauth_timestamp="1358993908"&
oauth_token="XXX"&
oauth_version="1.0"
Verified that: 1. OAuth_token is correct. 2. oAuth Header is sorted in alphabetical order. 3. Signature base string contains no parameters because there are none. 4. Method is get. 5. OAuth Header contains oauth_signature.
Some questions are: 1. Are there any other headers that I need to include (not sure if CF is adding any in automatically) 2. Can anyone verify my signature base string? 3. Are there case sensitivity issues in the signature base string? (or anywhere else)
EDIT- 1/27/2013 Can anyone please confirm this info (I am using real values because everything will be reset after including the app itself):
Given:
1. Signature Base String:
GET&
http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo&
oauth_consumer_key%XXX%26
oauth_nonce%3DOAUTH7DC9F837D60483B9D10389C9BB0AEAF9%26
oauth_signature_method%3DHMAC-SHA1%26
oauth_timestamp%3D1359320053%26
oauth_token%XXX%26
oauth_version%3D1.0
2. Signing Key (consumer secret & auth_token_secret):
XXX&
XXX
Is this signature correct?
3. Signature:
2n+xbj9gbOrADeaQ3nORKNhOTUg=
Is this Authorization Header correct:
4. Authorization header (FYI- there is a space after each comma- is that ok?
And- is the encoding on the Signature ok?):
(Also, I've tried this in alphabetical order and not- same result)
OAuth oauth_signature="2n%2Bxbj9gbOrADeaQ3nORKNhOTUg%3D",
oauth_token="XXX",
oauth_consumer_key="XXX",
oauth_nonce="OAUTH7DC9F837D60483B9D10389C9BB0AEAF9",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1359320053",
oauth_version="1.0"
I'm hoping someone can confirm that this is correct or not. In the latter case, I'll tweak it a little and hopefully check again. Thanks in advance all.
I haven't used the Tumblr API specifically, but have some ideas about your issue.
You didn't say what exactly are you trying to do. Have you successfully received access token? Or you are trying to use request token to get user info? - which won't work.
oauth_verifier is only needed in process of getting the access token - not when using normal API functionality (like getting user info).
To me it seems that you're trying to use request token to access user info and additionally unnecessarily adding the oauth_verifier to the url. You'll probably need to read on OAuth 1.0a flow.
Hope this helps.
UPDATE:
Here's a diagram of how OAuth 1.0a flow should look like.
The original diagram image here
UPDATE after UPDATE
You say you're using the library from here http://oauth.riaforge.org/ but I don't see it in your code. Again - I haven't used the Tumblr API specifically, but simplest call using the aforementioned library I do like this:
<cfscript>
consumerKey = 'xxx';
consumerSecret = 'yyy';
accessToken = 'xxxyyy';
accessSecret = 'yyyxxx';
//consumber object
oauthConsumerCFC = CreateObject("component", "OAuth.oauthconsumer");
oTumblrConsumer = oauthConsumerCFC.init(sKey = consumerKey, sSecret = consumerSecret);
//token object
oauthTokenCFC = CreateObject("component", "OAuth.oauthtoken");
oTumblrAccessToken = oauthTokenCFC.init(sKey = accessToken, sSecret = accessSecret);
//request object
oauthRequestCFC = CreateObject("component", "OAuth.oauthrequest");
oTumblrReqest = oauthRequestCFC.fromConsumerAndToken(
oConsumer : oTumblrConsumer,
oToken : oTumblrAccessToken,
sHttpMethod : "GET",
sHttpURL : "http://api.tumblr.com/v2/user/info"
);
//signature method
oauthSigMethodSHA = CreateObject("component", "OAuth.oauthsignaturemethod_hmac_sha1")
//sign request
oTumblrReqest.signRequest(
oSignatureMethod : oauthSigMethodSHA,
oConsumer : oTumblrConsumer,
oToken : oTumblrAccessToken
);
//signed url
signedURL = oTumblrReqest.getString();
</cfscript>
<cfhttp method="get" url="#signedURL#" result="requestResult" charset="utf-8" redirect="no" />
<cfdump var="#requestResult#">
You can see other examples that are in the OAuth library archive.
Hope this helps.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With