Issue #8849 resolved

Oauth returns Could not verify OAuth request.

Jan Altensen
created an issue

Hello i want to use the OAuth api now the problem is https://bitbucket.org/!api/1.0/oauth/access_token returns evers time "Could not verify OAuth request."

here is my script

<?php
try {
    // fetch access_token
    $oauthHeader = array(
        'oauth_consumer_key' => StringUtil::trim(BITBUCKET_PUBLIC_KEY),
        'oauth_nonce' => StringUtil::getRandomID(),
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp' => TIME_NOW,
        'oauth_version' => '1.0',
        'oauth_token' => $_GET['oauth_token']
    );
    $postData = array(
        'oauth_verifier' => $_GET['oauth_verifier']
    );

    $signature = $this->createSignature('https://bitbucket.org/!api/1.0/oauth/access_token', array_merge($oauthHeader, $postData));
    $oauthHeader['oauth_signature'] = $signature;

    $request = new HTTPRequest('https://bitbucket.org/!api/1.0/oauth/access_token', array(), $postData);
    $request->addHeader('Authorization', 'OAuth '.$this->buildOAuthHeader($oauthHeader));
    $request->execute();
    $reply = $request->getReply();
    $content = $reply['body'];
}
catch (SystemException $e) {
    throw new IllegalLinkException();
}

public function buildOAuthHeader(array $parameters) {
    $header = '';
    foreach ($parameters as $key => $val) {
        if ($header !== '') $header .= ', ';
        $header .= rawurlencode($key).'="'.rawurlencode($val).'"';
    }

    return $header;
}

public function createSignature($url, array $parameters, $tokenSecret = '') {
    $tmp = array();
    foreach ($parameters as $key => $val) {
        $tmp[rawurlencode($key)] = rawurlencode($val);
    }
    $parameters = $tmp;

    uksort($parameters, 'strcmp');
    $parameterString = '';
    foreach ($parameters as $key => $val) {
        if ($parameterString !== '') $parameterString .= '&';
        $parameterString .= $key.'='.$val;
    }

    $base = "POST&".rawurlencode($url)."&".rawurlencode($parameterString);
    $key = rawurlencode(StringUtil::trim(BITBUCKET_PRIVATE_KEY)).'&'.rawurlencode($tokenSecret);

    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

?>

can anybody say me whats wrong?

Comments (4)

  1. Log in to comment