[Standards] oauth signature

Seth Fitzsimmons seth at mojodna.net
Sun Feb 15 18:54:05 UTC 2009

No, it's not.  Good catch.

The sample stanza has a signature of
"wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D" (which shouldn't be escaped, but is
still wrong).

The signature base string is correct (although Fire Eagle's
implementation requires bare JIDs).  The calculated signature
("Z0F5zmPWwbunk5dc2hNBn1NgBj4=") is also wrong (it should match the
example stanza).

The correct signature should be: 9PQkM4YKgaM067wqrDGshXOwDW0=

I know of 2 other client implementations in-progress, but no other
servers at the moment.

This was calculated using my fork of the OAuth gem
(github.com/mojodna/oauth - `sudo gem install mojodna-oauth`):

oauth --consumer-key 0685bd9184jfhq22 \
--consumer-secret consumersecret \
--token ad180jjd733klru7 \
--secret tokensecret \
--nonce 4572616e48616d6d65724c61686176 \
--timestamp 1218137833 \
--signature-method HMAC-SHA1 \
--uri "travelbot at findmenow.tld/bot&feeds.worldgps.tld" \
--xmpp \

The output was:
OAuth parameters:
  oauth_nonce: 4572616e48616d6d65724c61686176
  oauth_signature_method: HMAC-SHA1
  oauth_token: ad180jjd733klru7
  oauth_timestamp: 1218137833
  oauth_consumer_key: 0685bd9184jfhq22
  oauth_version: 1.0

Method: iq
URI: travelbot at findmenow.tld/bot&feeds.worldgps.tld
Signature base string:

XMPP Stanza:
  <oauth xmlns='urn:xmpp:tmp:oauth'>

Note: You may want to use bare JIDs in your URI.

Signature:         9PQkM4YKgaM067wqrDGshXOwDW0=
Escaped signature: 9PQkM4YKgaM067wqrDGshXOwDW0%3D

I hope this helps.

On Sun, Feb 15, 2009 at 10:31 AM, Fabio Forno <fabio.forno at gmail.com> wrote:
> Is the Oauth signature in xep 235 actually calculated with the given
> values (and all escaping correct)? I'm trying to implement it and I
> get different values, while I can reproduce the sign of main oauth
> specs
> Besides fireeagle are there any other services for testing it?
> --
> ff

More information about the Standards mailing list