REST Api Oauth Invalid Signature

I'm getting an error when trying to request a request token via the REST API. This is what I am sending as my base string (before encrypting):

POST&https%3A%2F%2Fgnerbdev.atlassian.net%2Fplugins%2Fservlet%2Foauth%2Frequest-token&oauth_consumer_key%3D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%3D%3D%26oauth_nonce%3D7188823967346491475%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1492306511

Below is what I am receiving.

18:35:11:202 USER_DEBUG 
[30]|DEBUG|oauth_problem=signature_invalid

&oauth_signature=<redacted because apparently atlassian doesn't want me to put this in the question>

&oauth_signature_base_string=POST%26https%253A%252F%252Fgnerbdev.atlassian.net%252Fplugins%252Fservlet%252Foauth%252Frequest-token%26oauth_consumer_key%253D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%25253D%25253D%2526oauth_nonce%253D7188823967346491475%2526oauth_signature_method%253DRSA-SHA1%2526oauth_timestamp%253D1492306511

&oauth_signature_method=RSA-SHA1

I'm not sure what I'm missing being an oauth newb and all.

2 answers

Hi,

I am facing the same issue. Did you solve that issue?

If yes, then please provide the solution.

Hi,

After one week I solved the same problem.

At first, it is not important which protocol you use; my application (HTTPS) is able to communicate with JIRA (HTTP).

Be sure to configure your application link correctly. This website helped me: Configure Application Link.

You should also use the parameter 'oauth_callback'.

At first you have to create a correct base string, here is my code (PHP):

    // Sort by parameter name first: OAuth 1.0a requires the pairs in name order.
    ksort($parameter);
    $paramValues = [];
    foreach ($parameter as $key => $value) {
        // Percent-encode each name and value (RFC 3986, so rawurlencode, not urlencode).
        $paramValues[] = rawurlencode($key) . '=' . rawurlencode($value);
    }

    $baseString = strtoupper($pHttpMethod) . // would be POST
        '&' . rawurlencode('BASEURL/plugins/servlet/oauth/request-token') .
        '&' . rawurlencode(implode('&', $paramValues));

The variable $parameter (array) is like

'oauth_callback' => 'oob',

'oauth_consumer_key' => blabla.

and so on :)

Make sure your base string is correct.

After that, you have to create the signature:

    // Key paths are as given in the post; PHP expects the form "file://path/to/key.pem".
    $publicKey = openssl_pkey_get_public("file:..jira_publickey.pem");
    $privateKey = openssl_pkey_get_private("file:..jira_privatekey.pem");
    $rawSignature = '';

    // RSA-SHA1: sign the base string with the consumer's private key.
    openssl_sign($baseString, $rawSignature, $privateKey, 'sha1WithRSAEncryption');

    // Self-check: verify the fresh signature with the matching public key.
    $signCheck = openssl_verify($baseString, $rawSignature, $publicKey, OPENSSL_ALGO_SHA1);

    // Free the keys before returning (deprecated no-op since PHP 8.0).
    openssl_free_key($publicKey);
    openssl_free_key($privateKey);

    if ($signCheck == 1) {
        return base64_encode($rawSignature);
    } elseif ($signCheck == 0) {
        return 0;
    } else {
        echo "Error" . openssl_error_string();
    }

I used the algorithm sha1WithRSAEncryption but you can also use OPENSSL_ALGO_SHA1. I demonstrated it with openssl_verify.

It's important to encode your signature base64.

After that, you create a new array with all these parameters with (!) oauth_signature:

    'oauth_callback' => 'oob',
    'oauth_consumer_key' => 'yourconsumerkey',
    'oauth_nonce' => 'same nonce',
    'oauth_signature_method' => 'RSA-SHA1',
    'oauth_timestamp' => 'same timestamp',
    'oauth_version' => '1.0',
    'oauth_signature' => 'yourgeneratedSignature'

Be sure the values are identical to your previous values; if you use another timestamp or nonce, the signature will be invalid.

$timestamp = time();
$nonce = rand(10000, 999999999);

After that, send your parameter to JIRA. My code:

    $ch = curl_init();
    curl_setopt_array(
        $ch,
        [
            CURLOPT_POST => true,
            CURLOPT_URL => 'BASEURL/plugins/servlet/oauth/request-token' . '?' . http_build_query($fullParameter),
            CURLOPT_RETURNTRANSFER => true,
            // Keep TLS verification on; for a self-signed JIRA certificate,
            // point CURLOPT_CAINFO at its CA file instead of disabling the checks.
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_SSL_VERIFYPEER => true,
        ]
    );
    $result = curl_exec($ch);

    curl_close($ch);

$fullParameter should also be an array.

I didn't touch the header or the body and it works fluently.

You should get the oauth_token and oauth_token_secret

In your web browser, type the URL: BASEURL/plugins/servlet/oauth/authorize?oauth_token=your token.

You will see the JIRA site. If you set a URL in 'oauth_callback', JIRA will send the information back to that link.

This image is also very useful:

OAuth 1.0a Authentication Process

I hope I could help you a bit, question me, if you are not sure :)

Kind Regards
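
An added example (not code from either poster), in Python: it rebuilds the signature base string per RFC 5849 and compares it with the `oauth_signature_base_string` that JIRA echoes in a `signature_invalid` response, which is where the question's two strings differ (`%3D%3D` client-side against `%253D%253D` in the decoded server string). The host, consumer key and helper names are constructed for illustration.

```python
from urllib.parse import parse_qsl, quote

def pct(s):
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(str(s), safe="~")

def base_string(method, url, params, encode_values=True):
    """METHOD & enc(url) & enc(sorted "k=v" pairs joined by "&").

    encode_values=False reproduces the common mistake of skipping the
    per-parameter encoding, so "=" in a value is encoded once, not twice.
    """
    enc = pct if encode_values else str
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def server_base_string(problem_body):
    """Pull oauth_signature_base_string out of a signature_invalid body."""
    fields = dict(parse_qsl("".join(problem_body.split())))
    return fields.get("oauth_signature_base_string")

def first_mismatch(client, server, width=12):
    """(index, client_snippet, server_snippet) at the first difference, else None."""
    if client == server:
        return None
    i = next((n for n, (a, b) in enumerate(zip(client, server)) if a != b),
             min(len(client), len(server)))
    return i, client[i:i + width], server[i:i + width]

# Constructed sample values (not taken from the page).
URL = "https://jira.example.com/plugins/servlet/oauth/request-token"
PARAMS = {
    "oauth_consumer_key": "abc123==",
    "oauth_nonce": "7188823967",
    "oauth_signature_method": "RSA-SHA1",
    "oauth_timestamp": "1492306511",
}
# Simulated error body: the server echoes its own (correct) base string.
BODY = ("oauth_problem=signature_invalid\n&oauth_signature_base_string="
        + pct(base_string("POST", URL, PARAMS)) + "\n&oauth_signature_method=RSA-SHA1")

if __name__ == "__main__":
    server = server_base_string(BODY)
    print(first_mismatch(base_string("POST", URL, PARAMS, encode_values=False), server))
    print(first_mismatch(base_string("POST", URL, PARAMS), server))  # None
```

The snippets returned by `first_mismatch` show the single- and double-encoded `=` side by side, which points at the per-parameter encoding step rather than at the key or the signing call.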
