Geek Answers Handbook

Coldfusion Tumblr oAuth Frustration

I understand that this is nothing new and that there is already a lot on this topic. However, they are not exactly related to what I'm looking for ... SO, here it is:

I reviewed EVERY other post on this topic and nothing works for me. Here is a brief overview of what I am doing:

*** I have been thinking for so long that I am losing information about where I am - I just realized that my oauth_signature is now missing in my authorization header. I know that it was there before ...

BTW- I am using CF oauth application from Harry Klein ( http://oauth.riaforge.org/ ):

<!--- set up the parameters ---> <cfset sConsumerKey = 'xxx'> <!--- Got these from Tumblr for my app ---> <cfset sConsumerSecret = 'xxx'> <!--- Got these from Tumblr for my app ---> <cfset OAUTH_VERIFIER = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account ---> <cfset token = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account ---> <cfset tokenSecret = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account ---> <!--- set up the required objects including signature method---> <cfset oReqSigMethodSHA = CreateObject("component", "oauth.oauthsignaturemethod_hmac_sha1")> <cfset oToken = CreateObject("component", "oauth.oauthtoken").init(sKey = token, sSecret = tokenSecret)> <cfset oConsumer = CreateObject("component", "oauth.oauthconsumer").init(sKey = sConsumerKey, sSecret = sConsumerSecret)> <cfset oReq = CreateObject("component", "oauth.oauthrequest").fromConsumerAndToken( oConsumer = oConsumer, oToken = oToken, sHttpMethod = "GET", sHttpURL = 'http://api.tumblr.com/v2/user/info')> <!--- For now, just trying to get the user info ---> <!--- The ultimate goal is to post to differnent blog accounts on tumblr ---> <cfset oReq.setParameter('oauth_verifier',oauth_verifier) /> <!--- Had to manually add in oauth_verifier if it is even needed ---> <cfset oReq.signRequest( oSignatureMethod = oReqSigMethodSHA, oConsumer = oConsumer, oToken = oToken)> <!--- Sign the request ---> <cfhttp url="#oReq.GETNORMALIZEDHTTPURL()#" method="get"> <cfhttpparam type="header" name="authorization" value="#oReq.TOHEADER()#" /> </cfhttp> <cfdump var="#cfhttp#" />

Here are some of what I returned (I added line breaks to make it more understandable):

 SIGNATUREBASESTRING: GET& http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo& oauth_consumer_key%3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26 oauth_nonce%3D96A76129198ADF9B60874521D3FB718256B2D093%26 oauth_timestamp%3D1358463090%26 oauth_token%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26 oauth_verifier%3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26 oauth_version%3D1.0 AUTHORIZATION HEADER: OAuth oauth_consumer_key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", oauth_timestamp="1358463090", oauth_version="1.0", oauth_nonce="96A76129198ADF9B60874521D3FB718256B2D093", oauth_token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", oauth_verifier="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Every time I try to change something, it never works. I always get a 401 Not Authorized response from Tumblr without explaining what I'm doing wrong.

I have been in this for several days: please help

* Edit 1/24/2013 **

  1. Getting the access_token: response from Tumblr to auth_token request (Success): oauth_token=XXX& oauth_token_secret=XXX& oauth_callback_confirmed=true 2. Using access token to get user info: sConsumerKey: xxx sConsumerSecret: yyy EndPoint: http://api.tumblr.com/v2/user/info COMMETHOD: get token: XXX tokenSecret: XXX Signature base string: GET& http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo& oauth_consumer_key%3Dxxx& oauth_nonce%3DDED2857752C210C71D81DFD549B7B13113DCA50F& oauth_signature_method%3DHMAC-SHA1& oauth_timestamp%3D1358993908& oauth_token%XXX& oauth_version%3D1.0 Signature: emffJ8+2QvExJzRH0fgDM8l3jDQ= Authorization Header: OAuth oauth_consumer_key="xxx"& oauth_nonce="DED2857752C210C71D81DFD549B7B13113DCA50F"& oauth_signature="emffJ8%2B2QvExJzRH0fgDM8l3jDQ%3D"& oauth_signature_method="HMAC-SHA1"& oauth_timestamp="1358993908"& oauth_token="XXX"& oauth_version="1.0"

Checked that: 1. OAuth_token is correct. 2. oAuth Header is sorted alphabetically. 3. The signature database row does not contain parameters, because there are none. 4. The get method. 5. The OAuth header contains oauth_signature.

Some questions: 1. Are there any other headers that I need to include (not sure if CF adds automatically) 2. Can someone verify my signature base line? 3. Are there any case sensitivity issues in the signature baseline? (or anywhere else)

EDIT-1/27/2013 Someone can confirm this information (I use real values, because everything will be reset after turning on the application itself):

 Given: 1. Signature Base String: GET& http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo& oauth_consumer_key%XXX%26 oauth_nonce%3DOAUTH7DC9F837D60483B9D10389C9BB0AEAF9%26 oauth_signature_method%3DHMAC-SHA1%26 oauth_timestamp%3D1359320053%26 oauth_token%XXX%26 oauth_version%3D1.0 2. Signing Key (consumer secret & auth_token_secret): XXX& XXX Is this signature correct? 3. Signature: 2n+xbj9gbOrADeaQ3nORKNhOTUg= Is this Authorization Header correct: 4. Authorization header (FYI- there is a space after each comma- is that ok? And- is the encoding on the Signature ok?): (Also, I've tried this in alphabetical order and not- same result) OAuth oauth_signature="2n%2Bxbj9gbOrADeaQ3nORKNhOTUg%3D", oauth_token="XXX", oauth_consumer_key="XXX", oauth_nonce="OAUTH7DC9F837D60483B9D10389C9BB0AEAF9", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1359320053", oauth_version="1.0"

I hope someone can confirm that this is correct or not. In the latter case, I will pick it up a bit and hopefully spend it again. Thanks in advance.

+7
source share
1 answer

I did not use the Tumblr API specifically, but I have some ideas about your problem.

You did not say what exactly you are trying to do. Have you successfully received an access token? Or are you trying to use a request token to get user information? - it will not work.

oauth_verifier is necessary only to obtain an access token - not when using the usual API functionality (for example, obtaining user information).

It seems to me that you are trying to use the request token to access user information and additionally unnecessarily adding oauth_verifier to the URL. You will probably need to read the OAuth 1.0a stream.

Hope this helps.

UPDATE:

The OAuth 1.0a flow diagram should be displayed here. enter image description here

The image of the source circuit here

UPDATE after UPDATE

You say you use the http://oauth.riaforge.org/ library here, but I do not see it in your code. Again - I did not use the Tumblr API specifically, but I like the simplest call using the above library:

 <cfscript> consumerKey = 'xxx'; consumerSecret = 'yyy'; accessToken = 'xxxyyy'; accessSecret = 'yyyxxx'; //consumber object oauthConsumerCFC = CreateObject("component", "OAuth.oauthconsumer"); oTumblrConsumer = oauthConsumerCFC.init(sKey = consumerKey, sSecret = consumerSecret); //token object oauthTokenCFC = CreateObject("component", "OAuth.oauthtoken"); oTumblrAccessToken = oauthTokenCFC.init(sKey = accessToken, sSecret = accessSecret); //request object oauthRequestCFC = CreateObject("component", "OAuth.oauthrequest"); oTumblrReqest = oauthRequestCFC.fromConsumerAndToken( oConsumer : oTumblrConsumer, oToken : oTumblrAccessToken, sHttpMethod : "GET", sHttpURL : "http://api.tumblr.com/v2/user/info" ); //signature method oauthSigMethodSHA = CreateObject("component", "OAuth.oauthsignaturemethod_hmac_sha1") //sign request oTumblrReqest.signRequest( oSignatureMethod : oauthSigMethodSHA, oConsumer : oTumblrConsumer, oToken : oTumblrAccessToken ); //signed url signedURL = oTumblrReqest.getString(); </cfscript> <cfhttp method="get" url="#signedURL#" result="requestResult" charset="utf-8" redirect="no" /> <cfdump var="#requestResult#">

You can see other examples that are in the OAuth library archive.

Hope this helps.

+1
source

More articles:


All Articles