
REST Api Oauth Invalid Signature

I'm getting an error when trying to request a request token via the REST API. This is what I am sending as my base string (before encrypting)

POST&https%3A%2F%2Fgnerbdev.atlassian.net%2Fplugins%2Fservlet%2Foauth%2Frequest-token&oauth_consumer_key%3D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%3D%3D%26oauth_nonce%3D7188823967346491475%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1492306511

Below is what I am receiving.

18:35:11:202 USER_DEBUG 
[30]|DEBUG|oauth_problem=signature_invalid

&oauth_signature=<redacted because apparently atlassian doesn't want me to put this in the question>

&oauth_signature_base_string=POST%26https%253A%252F%252Fgnerbdev.atlassian.net%252Fplugins%252Fservlet%252Foauth%252Frequest-token%26oauth_consumer_key%253D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%25253D%25253D%2526oauth_nonce%253D7188823967346491475%2526oauth_signature_method%253DRSA-SHA1%2526oauth_timestamp%253D1492306511

&oauth_signature_method=RSA-SHA1

I'm not sure what I'm missing being an oauth newb and all.

2 answers

Hi,

I am facing the same issue. Did you solve that issue?

If yes, then please provide the solution.

Hi,

After one week I solved the same problem.

At first, it is not important which protocol you use, my application (HTTPS) is able to communicate to JIRA (http).

Be sure to configure your application link correctly. This website helped me: Configure Application Link.

You should also use the parameter 'oauth_callback'.

At first you have to create a correct base string, here is my code (PHP):

    // Sort by parameter name before building the pairs; OAuth 1.0a requires sorted order.
    ksort($parameter);
    $paramValues = [];
    foreach ($parameter as $key => $value) {
        // Percent-encode names and values per RFC 3986 (a space becomes %20, not +).
        $paramValues[] = rawurlencode($key) . '=' . rawurlencode($value);
    }

    $baseString = strtoupper($pHttpMethod) . // would be POST
        '&' . rawurlencode('BASEURL/plugins/servlet/oauth/request-token') .
        '&' . rawurlencode(implode('&', $paramValues));

The variable $parameter (array) is like

'oauth_callback' => 'oob',

'oauth_consumer_key' => blabla.

and so on :)

Make sure your base string is correct.

After that, you have to create the signature:

    // The private key signs; the public key is only used to self-check the result.
    $publicKey = openssl_pkey_get_public("file:..jira_publickey.pem");
    $privateKey = openssl_pkey_get_private("file:..jira_privatekey.pem");
    $rawSignature = '';

    // RSA-SHA1 signature over the base string.
    openssl_sign($baseString, $rawSignature, $privateKey, 'sha1WithRSAEncryption');

    // Verify with the matching public key before using the signature.
    $signCheck = openssl_verify($baseString, $rawSignature, $publicKey, OPENSSL_ALGO_SHA1);
    if ($signCheck == 1) {
        return base64_encode($rawSignature);
    } elseif ($signCheck == 0) {
        return 0;
    } else {
        echo "Error" . openssl_error_string();
    }
    openssl_free_key($publicKey);
    openssl_free_key($privateKey);

I used the algorithm sha1WithRSAEncryption but you can also use OPENSSL_ALGO_SHA1. I demonstrated it with openssl_verify.

It's important to encode your signature base64.

After that, you create a new array with all these parameters with (!) oauth_signature:

        'oauth_callback' => 'oob',
        'oauth_consumer_key' => 'yourconsumerkey',
        'oauth_nonce' => 'same nonce',
        'oauth_signature_method' => 'RSA-SHA1',
        'oauth_timestamp' => 'same timestamp',
        'oauth_version' => '1.0',
        'oauth_signature' => 'yourgeneratedSignature'

Be sure the values are identical to your previous values; if you use another timestamp or nonce, the signature will be invalid.

$timestamp = time();
$nonce = rand(10000, 999999999);

After that, send your parameter to JIRA. My code:

    $ch = curl_init();
    curl_setopt_array(
        $ch,
        [
            CURLOPT_POST => true,
            CURLOPT_URL => 'BASEURL/plugins/servlet/oauth/request-token' . '?' . http_build_query($fullParameter),
            CURLOPT_RETURNTRANSFER => true,
            // Keep TLS certificate and host name verification enabled.
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_SSL_VERIFYPEER => true,
        ]
    );
    $result = curl_exec($ch);

    curl_close($ch);

$fullParameter should also be an array.

I didn't touch the header or the body and it works fluently.

You should get the oauth_token and oauth_token_secret

In your web browser, type the URL: BASEURL/plugins/servlet/oauth/authorize?oauth_token=your token.

You will see the JIRA site. If you set a URL in 'oauth_callback', JIRA will send the information back to that link.

This image is also very useful:

OAuth 1.0a Authentication Process

I hope I could help you a bit, question me, if you are not sure :)

Kind Regards
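
One way to locate a `signature_invalid` mismatch with the values from the question above, as an added example that is not part of either answer: it decodes the `oauth_signature_base_string` the server echoed, reports where the client's base string first differs, and rebuilds the string with an RFC 5849 encoder. The function names `oauthBaseString` and `firstDifference` are assumptions of this example; the two long strings are copied from the question.

```php
<?php
// Added example, not the poster's code.

// RFC 5849 section 3.4.1: percent-encode every name and value, sort, join with
// '&', then percent-encode the joined parameter string once more.
function oauthBaseString(string $method, string $url, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = [rawurlencode((string) $name), rawurlencode((string) $value)];
    }
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $joined = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($joined);
}

// Offset of the first differing byte, or -1 when the strings are identical.
function firstDifference(string $a, string $b): int
{
    $n = min(strlen($a), strlen($b));
    for ($i = 0; $i < $n; $i++) {
        if ($a[$i] !== $b[$i]) {
            return $i;
        }
    }
    return strlen($a) === strlen($b) ? -1 : $n;
}

$clientBase = 'POST&https%3A%2F%2Fgnerbdev.atlassian.net%2Fplugins%2Fservlet%2Foauth%2Frequest-token&oauth_consumer_key%3D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%3D%3D%26oauth_nonce%3D7188823967346491475%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1492306511';
$serverEcho = 'POST%26https%253A%252F%252Fgnerbdev.atlassian.net%252Fplugins%252Fservlet%252Foauth%252Frequest-token%26oauth_consumer_key%253D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%25253D%25253D%2526oauth_nonce%253D7188823967346491475%2526oauth_signature_method%253DRSA-SHA1%2526oauth_timestamp%253D1492306511';

// The error body is form-encoded, so decode the echoed value exactly once.
$serverBase = rawurldecode($serverEcho);
$pos = firstDifference($clientBase, $serverBase);
$from = max(0, $pos - 12);
echo "first difference at byte $pos\n";
echo 'client: ' . substr($clientBase, $from, 32) . "\n";
echo 'server: ' . substr($serverBase, $from, 32) . "\n";

// Recover the parameters the server signed over and rebuild the base string.
[, $encUrl, $encParams] = explode('&', $serverBase, 3);
$params = [];
foreach (explode('&', rawurldecode($encParams)) as $pair) {
    [$name, $value] = explode('=', $pair, 2);
    $params[rawurldecode($name)] = rawurldecode($value);
}
$rebuilt = oauthBaseString('POST', rawurldecode($encUrl), $params);
var_dump($rebuilt === $serverBase, $rebuilt === $clientBase);
```

With these inputs the two strings diverge at the end of the consumer key: the client's base string carries `%3D%3D` where the server's carries `%253D%253D`, which is what results when a value ending in `==` is not percent-encoded on its own before the joined parameter string is encoded.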
