PHP OAuthProvider rejecting signature method on staging server

Question

I've made an OAuth Provider using the PHP Extension. This works fine in my development environment but after moving it to our Staging server I keep receiving the error message:

oauth_problem=signature_method_rejected

I've tested this by connecting using a test script on the staging server connecting to itself, the development server connecting the staging server, and using both the PHP OAuth Extension and the Zend OAuth Consumer class. In every case it works when connecting to the development server, but gives the above error when connecting to the Staging server.

Tracing through the code, the error is given when the OAuthProvider class is instantiated.

$this->provider = new OAuthProvider();

Checking the $_SERVER['QUERY_STRING'] gives me the following:

oauth_consumer_key=6e449c12132115a9ba1cf1163c37f904&
oauth_nonce=e2ff158969b3e7213927e4a19de1b11f&
oauth_timestamp=1343990462&
oauth_signature_method=HMAC-SHA1&
oauth_version=1.0&
oauth_callback=redacted&
oauth_signature=y06YvCzVno8GSDib4%2BOeExDGWH0%3D

(breaks inserted for readability)

As you can see the signature method is valid (I've tried the other methods mentioned in the spec, but they didn't work on either the staging server or the development server.

Has anyone come across anything like this before? If any more information is required, please let me know.

Answer 1

Can you check if you have any htauth stuff blocking? Also, does your application duck and dive between http and https connections?

I believe you have htauth set up which is blocking the communication I suggest amending your vhost to:

Order Deny,Allow deny from all AuthType Basic AuthName "Protected Area" AuthUserFile Require valid-user allow from your IP address

If you put this in your vhost reference your public folder this should allow the ip addresses to communicate without the htpasswd stuff....

Thanks,

Answer 2

I solved this by update SIGNATURE_METHOD = HmacSHA1 to HMAC-SHA1.