REST Api Oauth Invalid Signature

Brendan Wlaton April 15, 2017

I'm getting an error when trying to request a request token via the REST API. This is what I am sending as my base string (before encrypting):

POST&https%3A%2F%2Fgnerbdev.atlassian.net%2Fplugins%2Fservlet%2Foauth%2Frequest-token&oauth_consumer_key%3D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%3D%3D%26oauth_nonce%3D7188823967346491475%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1492306511

Below is what I am receiving.

18:35:11:202 USER_DEBUG 
[30]|DEBUG|oauth_problem=signature_invalid

&oauth_signature=<redacted because apparently atlassian doesn't want me to put this in the question>

&oauth_signature_base_string=POST%26https%253A%252F%252Fgnerbdev.atlassian.net%252Fplugins%252Fservlet%252Foauth%252Frequest-token%26oauth_consumer_key%253D3MVG9KI2HHAq33RwCPH5bNzAHbOgfiicjJ6HjvVfNhGU8aWXGl6ps.vsEzobCPqRXuDcmeV2Baw%25253D%25253D%2526oauth_nonce%253D7188823967346491475%2526oauth_signature_method%253DRSA-SHA1%2526oauth_timestamp%253D1492306511

&oauth_signature_method=RSA-SHA1

I'm not sure what I'm missing being an oauth newb and all.

2 answers

0 votes
Hobareda August 11, 2017

Hi,

After one week I solved the same problem.

At first, it is not important which protocol you use; my application (HTTPS) is able to communicate to JIRA (http).

Be sure to configure your application link correctly. This website helped me: Configure Application Link.

You should also use the parameter 'oauth_callback'.

At first you have to create a correct base string, here is my code (PHP):

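    $paramValues = [];
    ksort($parameter); // OAuth 1.0 wants the parameters sorted by name
    foreach ($parameter as $key => $value) {
        // Percent-encode names and values per RFC 3986 (a space becomes %20, not +)
        $key = rawurlencode($key);
        $value = rawurlencode($value);
        $paramValues[] = $key . '=' . $value;
    }

    // METHOD & encoded URL & encoded parameter string
    $baseString = strtoupper($pHttpMethod) . // would be POST
        '&' . rawurlencode('BASEURL/plugins/servlet/oauth/request-token') .
        '&' . rawurlencode(implode('&', $paramValues));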

The variable $parameter (array) is like

'oauth_callback' => 'oob',

'oauth_consumer_key' => blabla.

and so on :)

Make sure your base string is correct.

After that, you have to create the signature:

    $publicKey = openssl_pkey_get_public("file:..jira_publickey.pem");
    $certificate = openssl_pkey_get_private("file:..jira_privatekey.pem");
    $privateKey = openssl_get_privatekey($certificate);
    $rawSignature = '';

    // Sign the base string with the private key (RSA-SHA1)
    openssl_sign($baseString, $rawSignature, $privateKey, 'sha1WithRSAEncryption');

    // Check the signature with the matching public key
    $signCheck = openssl_verify($baseString, $rawSignature, $publicKey, OPENSSL_ALGO_SHA1);

    // Free the keys before returning; after a return they would never be released
    openssl_free_key($publicKey);
    openssl_free_key($privateKey);

    if ($signCheck == 1) {
        return base64_encode($rawSignature); // signature verifies
    } elseif ($signCheck == 0) {
        return 0; // signature does not verify
    } else {
        echo "Error" . openssl_error_string();
    }

I used the algorithm sha1WithRSAEncryption but you can also use OPENSSL_ALGO_SHA1. I demonstrated it with openssl_verify.

It's important to encode your signature base64.

After that, you create a new array with all these parameters with (!) oauth_signature:

    'oauth_callback' => 'oob',
    'oauth_consumer_key' => 'yourconsumerkey',
    'oauth_nonce' => 'same nonce',
    'oauth_signature_method' => 'RSA-SHA1',
    'oauth_timestamp' => 'same timestamp',
    'oauth_version' => '1.0',
    'oauth_signature' => 'yourgeneratedSignature'

Be sure the values are identical to your previous values; if you use another timestamp or nonce, the signature will be invalid.

$timestamp = time();
$nonce = rand(10000, 999999999);

After that, send your parameter to JIRA. My code:

    $ch = curl_init();
    curl_setopt_array(
        $ch,
        [
            CURLOPT_POST => true,
            CURLOPT_URL => 'BASEURL/plugins/servlet/oauth/request-token' . '?' . http_build_query($fullParameter),
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYHOST => 2,    // check that the certificate matches the host name
            CURLOPT_SSL_VERIFYPEER => true, // validate the server certificate chain
        ]
    );
    $result = curl_exec($ch);

    curl_close($ch);

$fullParameter should also be an array.

I didn't touch the header or the body and it works fluently.

You should get the oauth_token and oauth_token_secret.

In your web browser, type the URL: BASEURL/plugins/servlet/oauth/authorize?oauth_token=your token.

You will see the JIRA site. If you set a URL in 'oauth_callback', JIRA will send the information back to that link.

This image is also very useful:

OAuth 1.0a Authentication Process

I hope I could help you a bit, question me, if you are not sure :)

Kind Regards
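Added example, not part of the original posts or of Atlassian's code: a Python sketch of the RFC 5849 base-string construction, plus a helper that decodes the `oauth_signature_base_string` a server echoes in a `signature_invalid` response and locates the first difference from the client's string. In the question above, decoding the echo once shows the consumer key's trailing `==` as `%253D%253D` where the submitted base string has `%3D%3D`, which is the under-encoding case reproduced here. The URL, key and all function names are constructed for illustration.

```python
from urllib.parse import quote, unquote

def pct(s):
    """RFC 3986 percent-encoding as OAuth 1.0 requires: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    """Signature base string per RFC 5849 section 3.4.1; oauth_signature is never part of it."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def under_encoded_base_string(method, url, params):
    """Deliberately wrong variant: values are not encoded before the outer encoding pass."""
    normalized = "&".join(f"{k}={v}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), pct(url), pct(normalized)])

def first_mismatch(client_base, server_echo):
    """Decode the form-encoded echo once, then compare it with the client's base string.
    Returns None on a match, else (offset, client_context, server_context)."""
    server_base = unquote(server_echo)
    if client_base == server_base:
        return None
    i = next((n for n, (a, b) in enumerate(zip(client_base, server_base)) if a != b),
             min(len(client_base), len(server_base)))
    return i, client_base[max(0, i - 12):i + 12], server_base[max(0, i - 12):i + 12]

# Constructed sample values (not taken from the thread)
URL = "https://jira.example.test/plugins/servlet/oauth/request-token"
PARAMS = {
    "oauth_consumer_key": "sampleKey==",  # '=' in a value ends up as %253D in the base string
    "oauth_nonce": "123456789",
    "oauth_signature_method": "RSA-SHA1",
    "oauth_timestamp": "1500000000",
}

if __name__ == "__main__":
    good = base_string("POST", URL, PARAMS)
    echo = quote(good, safe="")  # stands in for the form-encoded value a server echoes back
    print(first_mismatch(good, echo))
    print(first_mismatch(under_encoded_base_string("POST", URL, PARAMS), echo))
```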

0 votes
shakir ullah May 12, 2017

Hi,

I am facing the same issue. Did you solve that issue?

If yes, then please provide the solution.
