Coldfusion Tumblr oAuth Frustration

I realize this is nothing new and that there are LOTS of posts on this topic already. However, none are exactly related to what I'm looking for... SO, here it goes:

I have reviewed EVERY other post on this topic and nothing seems to work for me. Here is a quick summary of what I am doing:

***I have been at this so long that I am losing track of where I am- I just realized that my oauth_signature is now missing from my authorization header. I know it was there before...

BTW- I am using a CF oauth app from Harry Klein (http://oauth.riaforge.org/):

<!--- set up the parameters --->
<cfset sConsumerKey = 'xxx'> <!--- Got these from Tumblr for my app --->
<cfset sConsumerSecret = 'xxx'> <!--- Got these from Tumblr for my app --->     
<cfset OAUTH_VERIFIER = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account --->
<cfset token = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account --->
<cfset tokenSecret = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account --->

<!--- set up the required objects including signature method--->
<cfset oReqSigMethodSHA = CreateObject("component", "oauth.oauthsignaturemethod_hmac_sha1")>
<cfset oToken = CreateObject("component", "oauth.oauthtoken").init(sKey = token, sSecret = tokenSecret)>
<cfset oConsumer = CreateObject("component", "oauth.oauthconsumer").init(sKey = sConsumerKey, sSecret = sConsumerSecret)>

<cfset oReq = CreateObject("component", "oauth.oauthrequest").fromConsumerAndToken(
    oConsumer = oConsumer,
    oToken = oToken,
    sHttpMethod = "GET",
    sHttpURL = 'http://api.tumblr.com/v2/user/info')> <!--- For now, just trying to get the user info --->
    <!--- The ultimate goal is to post to different blog accounts on tumblr --->

<cfset oReq.setParameter('oauth_verifier',oauth_verifier) /> <!--- Had to manually add in oauth_verifier if it is even needed --->

<cfset oReq.signRequest(
    oSignatureMethod = oReqSigMethodSHA,
    oConsumer = oConsumer,
    oToken = oToken)> <!--- Sign the request --->

<cfhttp url="#oReq.GETNORMALIZEDHTTPURL()#" method="get">
    <cfhttpparam type="header" name="authorization" value="#oReq.TOHEADER()#" />
</cfhttp>

<cfdump var="#cfhttp#" />

Here is some of what I have gotten back (I have added line breaks to make it more legible):

SIGNATUREBASESTRING:
    GET&
    http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo&
    oauth_consumer_key%3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26
    oauth_nonce%3D96A76129198ADF9B60874521D3FB718256B2D093%26
    oauth_timestamp%3D1358463090%26
    oauth_token%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26
    oauth_verifier%3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26
    oauth_version%3D1.0 

AUTHORIZATION HEADER:
    OAuth oauth_consumer_key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    oauth_timestamp="1358463090",
    oauth_version="1.0",
    oauth_nonce="96A76129198ADF9B60874521D3FB718256B2D093",
    oauth_token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    oauth_verifier="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" 

Every time I try to modify anything, it never works. I always get 401 Not Authorized response from Tumblr with no explanation as to what I am doing wrong.

I've been at this for days: please help

Edit 1/24/2013

    1. Getting the access_token:
    response from Tumblr to auth_token request (Success):
    oauth_token=XXX&
    oauth_token_secret=XXX&
    oauth_callback_confirmed=true

    2. Using access token to get user info:
    sConsumerKey:
    xxx

    sConsumerSecret:
    yyy

    EndPoint:
    http://api.tumblr.com/v2/user/info

    COMMETHOD:
    get

    token:
    XXX

    tokenSecret:
    XXX

    Signature base string:
    GET&
    http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo&
    oauth_consumer_key%3Dxxx&
    oauth_nonce%3DDED2857752C210C71D81DFD549B7B13113DCA50F&
    oauth_signature_method%3DHMAC-SHA1&
    oauth_timestamp%3D1358993908&
    oauth_token%XXX&
    oauth_version%3D1.0

    Signature:
    emffJ8+2QvExJzRH0fgDM8l3jDQ=

    Authorization Header:
    OAuth oauth_consumer_key="xxx"&
    oauth_nonce="DED2857752C210C71D81DFD549B7B13113DCA50F"&
    oauth_signature="emffJ8%2B2QvExJzRH0fgDM8l3jDQ%3D"&
    oauth_signature_method="HMAC-SHA1"&
    oauth_timestamp="1358993908"&
    oauth_token="XXX"&
    oauth_version="1.0" 

Verified that:
1. OAuth_token is correct.
2. oAuth Header is sorted in alphabetical order.
3. Signature base string contains no parameters because there are none.
4. Method is get.
5. OAuth Header contains oauth_signature.

Some questions are:
1. Are there any other headers that I need to include (not sure if CF is adding any in automatically)
2. Can anyone verify my signature base string?
3. Are there case sensitivity issues in the signature base string? (or anywhere else)

EDIT- 1/27/2013 Can anyone please confirm this info (I am using real values because everything will be reset after including the app itself):

Given:
1. Signature Base String:

GET&
http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo&
oauth_consumer_key%XXX%26
oauth_nonce%3DOAUTH7DC9F837D60483B9D10389C9BB0AEAF9%26
oauth_signature_method%3DHMAC-SHA1%26
oauth_timestamp%3D1359320053%26
oauth_token%XXX%26
oauth_version%3D1.0

2. Signing Key (consumer secret & auth_token_secret):
XXX&
XXX

Is this signature correct?

3. Signature:
2n+xbj9gbOrADeaQ3nORKNhOTUg=    

Is this Authorization Header correct:

4. Authorization header (FYI- there is a space after each comma- is that ok?
And- is the encoding on the Signature ok?):
(Also, I've tried this in alphabetical order and not- same result)

OAuth oauth_signature="2n%2Bxbj9gbOrADeaQ3nORKNhOTUg%3D", 
oauth_token="XXX", 
oauth_consumer_key="XXX", 
oauth_nonce="OAUTH7DC9F837D60483B9D10389C9BB0AEAF9", 
oauth_signature_method="HMAC-SHA1", 
oauth_timestamp="1359320053", 
oauth_version="1.0"

I'm hoping someone can confirm that this is correct or not. In the latter case, I'll tweak it a little and hopefully check again. Thanks in advance all.

Alain Nisam asked Jan 17 '13 23:01


1 Answer

I haven't used the Tumblr API specifically, but have some ideas about your issue.

You didn't say what exactly you are trying to do. Have you successfully received an access token? Or are you trying to use a request token to get user info? That won't work.

oauth_verifier is only needed in the process of getting the access token - not when using normal API functionality (like getting user info).

To me it seems that you're trying to use a request token to access user info and additionally unnecessarily adding the oauth_verifier to the url. You'll probably need to read up on the OAuth 1.0a flow.

Hope this helps.

UPDATE:

Here's a diagram of what the OAuth 1.0a flow should look like.

The original diagram image here

UPDATE after UPDATE

You say you're using the library from here http://oauth.riaforge.org/ but I don't see it in your code. Again - I haven't used the Tumblr API specifically, but the simplest call using the aforementioned library I do like this:

<cfscript>
    consumerKey = 'xxx';
    consumerSecret = 'yyy';
    accessToken = 'xxxyyy';
    accessSecret = 'yyyxxx';

    //consumer object
    oauthConsumerCFC = CreateObject("component", "OAuth.oauthconsumer");
    oTumblrConsumer = oauthConsumerCFC.init(sKey = consumerKey, sSecret = consumerSecret);

    //token object
    oauthTokenCFC = CreateObject("component", "OAuth.oauthtoken");
    oTumblrAccessToken = oauthTokenCFC.init(sKey = accessToken, sSecret = accessSecret);

    //request object
    oauthRequestCFC = CreateObject("component", "OAuth.oauthrequest");
    oTumblrReqest = oauthRequestCFC.fromConsumerAndToken(
        oConsumer   : oTumblrConsumer,
        oToken      : oTumblrAccessToken,
        sHttpMethod : "GET",
        sHttpURL    : "http://api.tumblr.com/v2/user/info"
    );

    //signature method
    oauthSigMethodSHA = CreateObject("component", "OAuth.oauthsignaturemethod_hmac_sha1");

    //sign request
    oTumblrReqest.signRequest(
        oSignatureMethod    : oauthSigMethodSHA,
        oConsumer           : oTumblrConsumer,
        oToken              : oTumblrAccessToken
    );

    //signed url
    signedURL = oTumblrReqest.getString();
</cfscript>

<cfhttp method="get" url="#signedURL#" result="requestResult" charset="utf-8" redirect="no" />

<cfdump var="#requestResult#">

You can see other examples that are in the OAuth library archive.

Hope this helps.

Lucas answered Oct 16 '22 16:10