I'm trying to make an authorized Google API call using a JWT.
But when I send the request I get this error:
{
"error": "invalid_grant",
"error_description": "Invalid JWT Signature."
}
I'm following this manual https://developers.google.com/identity/protocols/oauth2/service-account#httprest
The JWT consists of three parts: header, claim set and signature. The header is always the same for authentication and I set every neccessary parameter in the claim set.
Now for the signature it says that you have to encode the header and claim set using Base64url and concatenate them together with a period: {Base64url encoded header}.{Base64url encoded claim set}
Then you sign this using SHA256withRSA and encode the result as well using Base64url again. After that you get the JWT also by concatenating them together: {Base64url encoded header}.{Base64url encoded claim set}.{Base64url encoded signature}
But when I send the request using the JWT I always get the said error. I also tried encoding it first and then signing it but I get the same result.
Am I creating the signature correctly?
If so does anyone have an idea what else the problem could be?
So with the information you provided, your signature is invalid.
You can use https://jwt.io debugger to validate your token and compare the Base64url results.
Related
I am trying to access this endpoint, where signature parameter has to be sent as query parameter
https://binance-docs.github.io/apidocs/spot/en/#current-open-orders-user_data
I am trying to understand what value for that signature key should be passed.
Firstly i thought it was secret key binance exchange given. But it was not, because when try to above endpoint it says that :
{
"code": -1022,
"msg": "Signature for this request is not valid."
}
^Postman
As you can see i passed my secret key as the value for signature key. It is not working. So what am i really missing here ? or do i need to do some transformations to the secret key ? please help me understand it and advance thanks!
It looks like you are putting the timestamp before the recvWindow in your query string.
timestamp is always the last parameter and the order of the parameters in the docs clearly puts recvWindow before timestamp.
I managed to get it working with query string recvWindow=60000×tamp=1652512756366
Secret key and signature are two different things.
You need to sign the parameters with your secret key. This process produces a signature. And then you pass this resulting signature to the payload.
I'm not sure how to produce the signature in C++, however Binance docs show an example of signing the data in console with openssl (scroll right on all 3 examples).
I am new to the world of APIs and Auth, and would certainly appreciate any help. I am attempting to authorize and receive a token through the Vimeo API (OAuth2). My question is how to properly set the value of the Authorization Header. (Table below from: https://developer.vimeo.com/api/authentication)
Header
Set value to
Authorization
basic base64_encode(x:y), where x is the client identifier and y is the client secret
In this table is base64_encode plain text that I need to write, or does this denote a function I need to use in my language that converts x:y into Base64? M Language, in my case.
Also, are my clientID and clientSecret ready to put into the header "as-is" or do they themselves need to be converted into Base64 before being used as auth for the token endpoint?
The gist of my confusion is how exactly I should write the authorization header, because I keep getting the error "[invalid_client] A valid client ID must be provided along with any request made to Vimeo's API" when trying to POST to the token endpoint.
Thank you for any help!
The idea that you should use some sort of function to encode your clientID and secret is correct.
If you are using javascript the code might looks something like this
const clientId = 'client_id';
const clientSecret = 'client_secret';
// btoa() is a javascript built-in that base64 encodes a string
const authorizationValue = 'Basic ' + btoa( clientId + ':' + clientSecret );
You can read more about btoa() on Mozilla's documentation website.
https://developer.mozilla.org/en-US/docs/Web/API/btoa
I want to use HERE map api's in my project.
As per their document, I need to use generate the signature first using Oauth 1.0 HMAC-256.
I am following below AAA sdk by HERE map :
https://github.com/heremaps/here-aaa-java-sdk/blob/master/here-oauth-client/src/main/java/com/here/account/auth/SignatureCalculator.java
SignatureCalculator signatureCalculator = new SignatureCalculator(CONSUMER_KEY,CONSUMER_SECRET);
String signature = signatureCalculator.calculateSignature("GET","https://account.api.here.com/oauth2/token",
(System.currentTimeMillis()/1000L),RandomStringUtils.randomAlphanumeric(12),
SignatureMethod.HMACSHA256,null,null);
But I am not able to generate the token using this signature. I got below error :
{"errorId":"ERROR-25b51579-57d0-4873-b82e-466519b8b6a4","httpStatus":401,"errorCode":401202,"message":"Invalid Client Authorization header, expecting signed request format.","error":"invalid_request","error_description":"errorCode: '401202'. Invalid Client Authorization header, expecting signed request format."}
When i try to do same through postman then everything works perfect.
There is difference between both the signature (generated though postman which works / generated though java code)
pw7d5IVYFsYH0zNPNZJU7x3T6LUtDj8zzYw2hsUUlM= . -- Not Working. Generated using AAA here library.
tBWyomfDmgihh2kC%2B14qYurOoPF%2FYkpg7QyGpwgZ77A%3D" -- Working Signature , generated through postman
I think I am doing wrong signature generation.
You have to done signature encoding by URLEncoding in UTF-8 format.
URLEncoder.encode("Signature_Generated_from_HMAC-SHA256","UTF-8")
I am trying Token based authentication with NancyFX. Token is getting generated perfectly but when I am passing header in Get Request, I can't get pass this.RequiresAuthentication() and getting unauthorized error.
Here is my token format
Token:{ token: "ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=" }
Am I passing wrong way?
I have also tried
Token:{ ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=}
and also
"Token:{ ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=}"
But nothing work.
Please let me know if any more details are required.
The value of the authorization header must simply read "Token ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY" (no quotes).
The brackets in the documentation threw me off as well.
I'm new to Oauth and I stack on getting oauth_access_token to work with Xero. Web Service authentication doesn't work for me.
Xero returns the following error message "oauth_problem=signature_invalid&oauth_problem_advice=Failed to validate signature".
The generated signature is incorrect, but what is right way to generate it?
Here is APEX code which generates Endpoint. What is wrong?
Http h = new Http();
String consumer_key='XXX';
Long tmp=(System.now().getTime()/1000);
Blob isItCorrect = Crypto.generateMac('HMacSHA1', Blob.valueOf('https://api.xero.com/api.xro/2.0'), Blob.valueOf(consumer_key));
String signature= EncodingUtil.urlEncode(EncodingUtil.base64Encode(isItCorrect), 'UTF-8');
// Try to get access token
HttpRequest req = new HttpRequest();
req.setEndpoint('https://api.xero.com/oauth/RequestToken?oauth_consumer_key='+consumer_key+
'&oauth_signature_method=RSA-SHA1'+
'&oauth_signature='+signature+
'&oauth_timestamp='+tmp+ '&oauth_nonce='+tmp+'&oauth_version=1.0&scope=https%3A%2F%2Fapi.xero.com%2Fapi.xro%2F2.0');
req.setMethod('GET');
// Send the request, and return a response
HttpResponse res = h.send(req);
System.debug('~~~ '+res.getBody());
It generates following Endpoint:
Endpoint=https://api.xero.com/oauth/RequestToken?oauth_consumer_key=ICSP7Y5K2TG7RIIC6Y7R7KLC1AHWYC&oauth_signature_method=RSA-SHA1&oauth_signature=gWP02y2EIatw4xilTvd5Iq3e0%2Fw%3D&oauth_timestamp=1372123781&oauth_nonce=1372123781&oauth_version=1.0&scope=https%3A%2F%2Fapi.xero.com%2Fapi.xro%2F2.0
Just as an aside: I've never worked with salesforce so I'm not sure if there's a better
way to leverage existing oauth work on the platform, it's very rare
now to have to write all the oauth signature stuff yourself and it's
easy to make a mistake but here goes]
I think your signature base string is incorrect.
As far as I can tell you're just performing HMAC-SHA1 over https://api.xero.com/api.xro/2.0
if you read the OAuth Spec here: http://oauth.net/core/1.0/#anchor14 you need to construct the following base string (based on the request above)
GET&https%3A%2F%2Fapi.xero.com%2Foauth%2Frequesttoken&oauth_consumer_key%3DCONSUMER_KEY%26oauth_nonce (etc etc, just append all your query parameters apart from oauth_consumer as url encoded key=value pairs, in alphabetical order)
and then you need to create the hash with the key CONSUMER_KEY&CONSUMER_SECRET (both CONSUMER_KEY and CONSUMER_SECRET should be parameter encoded as per the OAuth Spec)
That should give you a valid signature..
Edit: I found this library which might be of help: https://code.google.com/p/sfdc-oauth-playground/