Tumblr C# Access token oauth_signature does not match expected value 401 Error

2
votes

I am working on a .net app to gain access to my tumblr account.

In the ouath handshake I am making it through the authorization step. However when trying to get my access tokens (after I authorize my account on tumblr to grant my app permissions) I am getting a 401 error of oauth_signature does not match expected value

Here is my url I am calling to get the access token… is there something wrong with this format? (I put some z’s in for my consumer key, oauth token, and oauth verifier for privacy purposes). This is the same format I use for twitter which works fine.

Any Ideas?

http://www.tumblr.com/oauth/access_token?oauth_callback=oob&oauth_consumer_key=UDwa2ZMvBGU53XXXXXXXXXXXXXXXXXXXXXX&oauth_nonce=9299949&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1345645132&oauth_token=kg6M3FeYUoHVEMRQZZZZZZZZZZZZZZZZZZZZZZZZ&oauth_verifier=BgXcqcmyiSuJWHggMzCQcZZZZZZZZZZZZZZZZZZZZ&oauth_version=1.0&oauth_signature=iPbc5kE5LbudXJm1MVc0VNeIQxA%3D

2
.netoauthtumblr

2 Answers

4
votes

Turns out the oauth token secret gotten during the step setting up the URL for request for authorization needs to also be saved off and then used in the final step gaining the access token and secret.

1
votes

You just need to extract the oauth_token_secret after performing the call to

https://www.tumblr.com/oauth/request_token

Params for the second call:

$params = array(
            "oauth_consumer_key" => $this->key,
            "oauth_nonce" => time(),
            "oauth_signature_method" => "HMAC-SHA1",
            "oauth_timestamp" => time(),
            "oauth_token" => $tumblr_oauth_token,
            "oauth_verifier" => $oauth_verifier,
            "oauth_version" => "1.0",
        );

And then use the token_secret for oauth_signature:

$secret = encode_rfc3986($token)."&".encode_rfc3986($token_secret);
$params['oauth_signature']=encode_rfc3986(base64_encode(hash_hmac('sha1',$baseString, $secret, TRUE)));

All done. The issue occurred due to oauth_signature.