REST Api Oauth Invalid Signature

I'm getting an error when trying to request a request token via the REST API. This is what I am sending as my base string (before encrypting)

POST&https%3A%2F%2Fgnerbdev.atlassian.net%2Fplugins%2Fservlet%2Foauth%2Frequest-token&oauth_consumer_key%3D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%3D%3D%26oauth_nonce%3D7188823967346491475%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1492306511

Below is what I am receiving.

18:35:11:202 USER_DEBUG 
[30]|DEBUG|oauth_problem=signature_invalid

&oauth_signature=<redacted because apparently atlassian doesn't want me to put this in the question>

&oauth_signature_base_string=POST%26https%253A%252F%252Fgnerbdev.atlassian.net%252Fplugins%252Fservlet%252Foauth%252Frequest-token%26oauth_consumer_key%253D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%25253D%25253D%2526oauth_nonce%253D7188823967346491475%2526oauth_signature_method%253DRSA-SHA1%2526oauth_timestamp%253D1492306511

&oauth_signature_method=RSA-SHA1

I'm not sure what I'm missing being an oauth newb and all.

2 answers


Hi,

I am facing the same issue. Did you solve that issue?

If yes, then please provide the solution.


Hi,

After one week I solved the same problem.

At first, it is not important which protocol you use; my application (HTTPS) is able to communicate to JIRA (http).

Be sure to configure your application link correctly. This website helped me: Configure Application Link.

You should also use the parameter 'oauth_callback'.

At first you have to create a correct base string, here is my code (PHP):

    $paramValues = [];
    foreach ($parameter as $key => $value) {
        // OAuth 1.0a requires RFC 3986 percent-encoding for keys and values
        $key = rawurlencode($key);
        $value = rawurlencode($value);
        $paramValues[] = $key . '=' . $value;
    }
    // Sort the encoded "key=value" pairs by value; ksort() would only order the numeric indexes
    sort($paramValues);

    $baseString = strtoupper($pHttpMethod) . // would be POST
        '&' . rawurlencode('BASEURL/plugins/servlet/oauth/request-token') .
        '&' . rawurlencode(implode('&', $paramValues));

The variable $parameter (array) is like

'oauth_callback' => 'oob',

'oauth_consumer_key' => blabla.

and so on :)

Make sure your base string is correct.

After that, you have to create the signature:

    $publicKey = openssl_pkey_get_public("file:..jira_publickey.pem");
    $certificate = openssl_pkey_get_private("file:..jira_privatekey.pem");
    $privateKey = openssl_get_privatekey($certificate);
    $rawSignature = '';

    // RSA-SHA1: sign the base string with the private key
    openssl_sign($baseString, $rawSignature, $privateKey, 'sha1WithRSAEncryption');

    // Check the signature against the matching public key
    $signCheck = openssl_verify($baseString, $rawSignature, $publicKey, OPENSSL_ALGO_SHA1);
    if ($signCheck == 1) {
        $result = base64_encode($rawSignature);
    } elseif ($signCheck == 0) {
        $result = 0;
    } else {
        echo "Error" . openssl_error_string();
        $result = null;
    }
    // Release the key resources before returning
    openssl_free_key($publicKey);
    openssl_free_key($privateKey);
    return $result;

I used the algorithm sha1WithRSAEncryption but you can also use OPENSSL_ALGO_SHA1. I demonstrated it with openssl_verify.

It's important to encode your signature base64.

After that, you create a new array with all these parameters with (!) oauth_signature:

    'oauth_callback' => 'oob',
    'oauth_consumer_key' => 'yourconsumerkey',
    'oauth_nonce' => 'same nonce',
    'oauth_signature_method' => 'RSA-SHA1',
    'oauth_timestamp' => 'same timestamp',
    'oauth_version' => '1.0',
    'oauth_signature' => 'yourgeneratedSignature'

Be sure the values are identical to your previous values; if you use another timestamp or nonce, the signature will be invalid.

$timestamp = time();
$nonce = rand(10000, 999999999);

After that, send your parameter to JIRA. My code:

    $ch = curl_init();
    curl_setopt_array(
        $ch,
        [
            CURLOPT_POST => true,
            CURLOPT_URL => 'BASEURL/plugins/servlet/oauth/request-token' . '?' . http_build_query($fullParameter),
            CURLOPT_RETURNTRANSFER => true,
            // Keep TLS certificate and host name verification enabled for the token request
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_SSL_VERIFYPEER => true,
        ]
    );
    $result = curl_exec($ch);

    curl_close($ch);

$fullParameter should also be an array.

I didn't touch the header or the body and it works fluently.

You should get the oauth_token and oauth_token_secret

In your web browser, type the URL: BASEURL/plugins/servlet/oauth/authorize?oauth_token=your token.

You will see the JIRA site. If you set a URL in 'oauth_callback', JIRA will send the information back to that link.

This image is also very useful:

OAuth 1.0a Authentication Process

I hope I could help you a bit; ask me if you are not sure :)

Kind Regards
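
Added example, not part of the original thread: a Python sketch of the comparison this thread turns on. It rebuilds the signature base string the way RFC 5849 describes and diffs it against the `oauth_signature_base_string` that the `signature_invalid` response echoes back; for the strings in the question the first difference is at the consumer key's trailing `==`, which reads `%3D%3D` in the client's string and `%253D%253D` in the server's. The helper names `pct`, `base_string` and `first_mismatch` are chosen here, and `URL` and `PARAMS` are decoded from the question's base string.

```python
from urllib.parse import quote, unquote

def pct(s):
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    """METHOD & enc(url) & enc(sorted 'enc(k)=enc(v)' pairs joined by '&')."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def first_mismatch(mine, server_reported, ctx=12):
    """Diff our base string against oauth_signature_base_string from the error
    body. That body is form-encoded, so the server value is decoded once first.
    Returns None when equal, else (index, our_context, server_context)."""
    theirs = unquote(server_reported)
    if mine == theirs:
        return None
    i = next((n for n, (a, b) in enumerate(zip(mine, theirs)) if a != b),
             min(len(mine), len(theirs)))
    return i, mine[max(0, i - ctx):i + ctx], theirs[max(0, i - ctx):i + ctx]

# Values taken from the question on this page (URL and PARAMS are its base string, decoded).
URL = "https://gnerbdev.atlassian.net/plugins/servlet/oauth/request-token"
PARAMS = {
    "oauth_consumer_key": "3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw==",
    "oauth_nonce": "7188823967346491475",
    "oauth_signature_method": "RSA-SHA1",
    "oauth_timestamp": "1492306511",
}
# Base string the client signed, as posted in the question.
CLIENT_BASE = "POST&https%3A%2F%2Fgnerbdev.atlassian.net%2Fplugins%2Fservlet%2Foauth%2Frequest-token&oauth_consumer_key%3D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%3D%3D%26oauth_nonce%3D7188823967346491475%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1492306511"
# oauth_signature_base_string from the server's error response, still form-encoded.
SERVER_BASE = "POST%26https%253A%252F%252Fgnerbdev.atlassian.net%252Fplugins%252Fservlet%252Foauth%252Frequest-token%26oauth_consumer_key%253D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%25253D%25253D%2526oauth_nonce%253D7188823967346491475%2526oauth_signature_method%253DRSA-SHA1%2526oauth_timestamp%253D1492306511"

if __name__ == "__main__":
    # Where the posted client string and the server's string part ways
    print(first_mismatch(CLIENT_BASE, SERVER_BASE))
    # A base string rebuilt from the same parameters, compared the same way
    print(first_mismatch(base_string("POST", URL, PARAMS), SERVER_BASE))
```
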
