
OAuth response invalid_signature - what parameters required to generate signature?



I'm trying to authenticate with OAuth and am having trouble getting an auth token.  I keep getting the following response.

400 Bad Request

X-Dns-Prefetch-Control: off
X-Frame-Options: DENY
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
X-Trello-Version: 1.2317.0
X-Trello-Environment: Production
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Headers: Authorization, Accept, Content-Type
Access-Control-Expose-Headers: x-rate-limit-api-key-interval-ms, x-rate-limit-api-key-max, x-rate-limit-api-key-remaining, x-rate-limit-api-token-interval-ms, x-rate-limit-api-token-max, x-rate-limit-api-token-remaining
Content-Type: text/plain; charset=utf-8
Content-Length: 17
Date: Mon, 04 Jan 2021 03:34:24 GMT
X-Envoy-Upstream-Service-Time: 71
Expect-Ct: report-uri="", max-age=86400
Strict-Transport-Security: max-age=63072000; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Server: globaledge-envoy

Invalid Signature

I'm using a language (AHK) that does NOT have a pre-built library for authorizing with Trello, so I have built my own.

I don't see it specified anywhere in the Trello docs what parameters will be used to generate the signature that will be checked on Trello's end.  I believe I am using the correct data as laid out in OAuth 1.0 as specified on the developer page.

The signature_base_string I'm generating my signature for is as follows (personal info masked)


 which generated the following Authorization Header

(personal info masked and added line breaks for readability)

Authorization: OAuth 

 I'm sure that I'm generating the signature correctly as I get the exact same signature when using any of the online HMAC-SHA1 signature generators.

I'm thinking that I might be missing some kind of required parameter that Trello is including when they generate the signature for verification.


Is there any document that lays out exactly what parameters need to be returned for the authorization? or what the header is expected to look like/contain?



1 answer

1 accepted

0 votes
Answer accepted

I was able to figure out my issue, and hope this might help someone.  

It turns out that I had an error in the generation of my Authorization header, which gave me a different signature than Trello calculated.  I had failed to percent encode my callback url twice.  It needs to be percent encoded when initially adding it to the parameter string, and then a second time when the entire parameter string is percent encoded.

I was able to figure this out while using the authorization header generator located here.
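
The double encoding described in the accepted answer, as an added example in Python that is not part of the original thread. It follows the OAuth 1.0 signature base string rules in RFC 5849 section 3.4.1; the endpoint URL, key, secret, nonce and callback are constructed placeholders, and the `encode_values` switch is a hypothetical parameter used only to reproduce the mistake.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s: str) -> str:
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(s, safe="-._~")

def base_string(method: str, url: str, params: dict, encode_values: bool = True) -> str:
    """Build the signature base string.

    encode_values=False reproduces the mistake from the answer: values go into
    the parameter string raw, so the callback URL ends up encoded only once.
    """
    enc = pct if encode_values else (lambda s: s)
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    # Second pass: the whole parameter string is percent-encoded again here.
    return "&".join([method.upper(), pct(url), pct(param_string)])

def sign(base: str, consumer_secret: str, token_secret: str = "") -> str:
    """HMAC-SHA1 over the base string, keyed with 'consumer_secret&token_secret'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

# Constructed sample values (placeholders, not taken from the post).
URL = "https://api.example.com/oauth/request_token"
SECRET = "constructed-consumer-secret"
PARAMS = {
    "oauth_callback": "https://app.example.com/cb?x=1",
    "oauth_consumer_key": "constructed-key",
    "oauth_nonce": "abc123",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1609731264",
    "oauth_version": "1.0",
}

GOOD = base_string("POST", URL, PARAMS)                       # callback encoded twice
BAD = base_string("POST", URL, PARAMS, encode_values=False)   # callback encoded once

if __name__ == "__main__":
    for label, base in (("correct", GOOD), ("single-encoded", BAD)):
        print(label, sign(base, SECRET), base, sep="\n  ")
```

In the Authorization header itself each value is percent-encoded once; the second pass applies only to the string that gets signed.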
