crypto_hmac_sha1() and oauth

    crypto_hmac_sha1() and oauth

    Has anyone successfully managed to get Oauth working with Mivascript?

    I've found the following Oauth test site:

    and have the following Mivascript code:

        <mvassign name="oauth_consumer_key" value="key" />
        <mvassign name="oauth_signature_method" value="HMAC-SHA1" />
        <mvassign name="oauth_version" value="1.0" />
        <mvassign name="oauth_timestamp" value="{dyn_time_t}" />
        <mvassign name="oauth_nonce" value="{makesessionid( )}" />
        <mvassign name="l.key" value="secret" />
        <mvassign name="l.signaturebase" value="{'GET&' $ encodeattribute(l.RequestTokenURL) $ '&oauth_consumer_key%3D' $ oauth_consumer_key $ '%26oauth_nonce%3D' $ oauth_nonce $ '%26oauth_signature_method%3D' $ oauth_signature_method $ '%26oauth_timestamp%3D' $ oauth_timestamp $ '%26oauth_version%3D1.0'}" />
        <mvassign name="l.ok" value="{crypto_hmac_sha1(l.signaturebase, l.key, 'bin', oauth_signature)}" />
        <mvassign name="oauth_signature" value="{crypto_base64_encode(oauth_signature)}" />
        <mvcall action="{l.RequestTokenURL $ '?oauth_consumer_key=' $ oauth_consumer_key $ '&oauth_nonce=' $ oauth_nonce $ '&oauth_signature_method=' $ oauth_signature_method $ '&oauth_timestamp=' $ oauth_timestamp $ '&oauth_version=' $ oauth_version $ '&oauth_signature=' $ encodeattribute(oauth_signature)}" method="GET">
            <mveval expr="{callvalue}" />
        </mvcall>
    I keep getting an "invalid signature" response, but I'm not quite sure where I've gone wrong.
    Christopher Cookson
    Create IT Powered by Webpression CMS

    Re: crypto_hmac_sha1() and oauth

    I haven't worked with HMAC specifically, but I've done a number of projects that involved encrypting data in Miva Script, and then passing it to another server. From experience, I can suggest that you go over the details carefully. Make sure there's no extra white space in any of the strings, etc. You may need the Oauth folks to take a look, so they can give you a better description than the short error message.

    Hope that helps -- Kent
    Kent Multer
    Magic Metal Productions
    * Web developer/designer
    * E-commerce and Miva
    * Author, The Official Miva Web Scripting Book -- available on-line:


      Re: crypto_hmac_sha1() and oauth

      I'm wanting to use Oauth with Twitter. I had a script working nicely with basic authentication, but Twitter no longer supports this.

      The oauth test site I linked to is useful as it gives the ability to work with some controlled values to get things up and going.
      Although it gives some diagnostics, it doesn't actually return what the signature SHOULD be so I can figure out whether the crypto_hmac_sha1 and subsequent crypto_base64_encode are actually returning the correct value.
      Christopher Cookson
      Create IT Powered by Webpression CMS
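
An added reference calculation (not code from any poster in this thread, and written in Python rather than Miva Script so it is independent of crypto_hmac_sha1() and crypto_base64_encode()): it builds the OAuth 1.0 signature base string, signing key and HMAC-SHA1 signature as RFC 5849 defines them, so each intermediate value can be compared with what a script produces. The consumer key "key" and secret "secret" are the values from the first post; the URL, nonce and timestamp are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, base_url, params):
    """METHOD & encoded URL & encoded, sorted name=value pairs (section 3.4.1)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def signing_key(consumer_secret, token_secret=""):
    """Consumer secret and token secret joined by '&'.

    The '&' is present even when no token secret exists yet (section 3.4.2).
    """
    return f"{pct(consumer_secret)}&{pct(token_secret)}"


def hmac_sha1_signature(method, base_url, params, consumer_secret, token_secret=""):
    """Base64 of the raw 20-byte HMAC-SHA1 digest, not of its hex form."""
    base = signature_base_string(method, base_url, params).encode("ascii")
    key = signing_key(consumer_secret, token_secret).encode("ascii")
    digest = hmac.new(key, base, hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


if __name__ == "__main__":
    # Constructed request-token call: placeholder URL, fixed nonce and timestamp.
    url = "https://provider.example/request_token"
    params = {
        "oauth_consumer_key": "key",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_version": "1.0",
        "oauth_timestamp": "1300000000",
        "oauth_nonce": "constructednonce01",
    }
    print("base string:", signature_base_string("GET", url, params))
    print("signing key:", repr(signing_key("secret")))
    # Percent-encode the base64 signature once when placing it in the query string.
    print("oauth_signature:", pct(hmac_sha1_signature("GET", url, params, "secret")))
```

Feeding a script the same fixed nonce and timestamp and printing its base string and key next to these shows which step diverges before the signature is ever sent.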


        I know that I'm a bit late to this thread, but I got OAuth 1.0 working on my end (for integration with netsuite). Here's the relevant code (including a JSON function I grabbed from

        Note the config object, it has the following keys: ConsumerKey, ConsumerSecret, TokenId, TokenSecret, CompanyId, RESTLetEndpoint
        Last edited by NLaQuet; 07-02-18, 05:33 AM.


          Very nice, thanks for sharing!
          M.A.D.* since 1997

          *miva application developers