Home/ Questions/Q 3991636
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T06:38:23+00:00

I’m trying to build a valid signature key (I’m using the HMAC-SHA1 method), so

  • 0

I’m trying to build a valid signature key (I’m using the HMAC-SHA1 method), so far this is still invalid(i’m using an online test server at http://term.ie/oauth/example/client.php):

    function _build_signature_hmac($base_url, $params, $consumer_key, $token_secret = '')
    {
        // Setup base-signature data
        $data = 'POST&' . $base_url . '&';

        // Sort the params array keys first
        ksort($params);

        // Attach params string
        $data .= rawurlencode(http_build_query($params));

        // Build the signature key
        $key = rawurlencode($consumer_key) . '&' . rawurlencode($token_secret);

        return base64_encode(hash_hmac('sha1', $data, $key));
    }

Since this is a request for an unauthorized token, the $token_secret string is empty.
The returned signature looks like this:

POST&http://term.ie/oauth/example/request_token.php&oauth_consumer_key%3Dkey%26oauth_nonce%3D0uPOn3pPUbPlzWx2cO6citRPafIni5%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1298745681%26oauth_version%3D1.0

And the $key looks like this: secret&

The keys/secrets are all correct and I’m getting a response from the server saying ‘invalid signature’. Am I building it the right way?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The method from the implementation I am using….

     public function build_signature($request, $consumer, $token) {
    $base_string = $request->get_signature_base_string();
    $request->base_string = $base_string;

    $key_parts = array(
      $consumer->secret,
      ($token) ? $token->secret : ""
    );

    $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
    $key = implode('&', $key_parts);

    return base64_encode(hash_hmac('sha1', $base_string, $key, true));
  }



 public static function urlencode_rfc3986($input) {
  if (is_array($input)) {
    return array_map(array('OAuthUtil', 'urlencode_rfc3986'), $input);
  } else if (is_scalar($input)) {
    return str_replace(
      '+',
      ' ',
      str_replace('%7E', '~', rawurlencode($input))
    );
  } else {
    return '';
  }

    If it helps at all…

    • 0