Announcement Announcement Module
Collapse
No announcement yet.
Invalid signature for signature method HMAC-SHA1 Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Invalid signature for signature method HMAC-SHA1

    I periodically get this when testing and from what I can tell the input values match but the signatures don't

    Douglas

  • #2
    I figured it out.

    Turns out that the HMAC signature can have spaces which means that you need to URL encode the signature prior to adding it to the header.

    Also the token secret comes back encoded so that needs to be decoded prior to signing.

    Comment


    • #3
      There was a fix last week for spaces in signatures. Can you try a snapshot and verify that it works in your use case (hopefully out of the box)?

      Comment


      • #4
        Originally posted by thedug View Post
        I figured it out.

        Turns out that the HMAC signature can have spaces which means that you need to URL encode the signature prior to adding it to the header.

        Also the token secret comes back encoded so that needs to be decoded prior to signing.
        @thedug, did you notice this issue on `spring-security-oauth-3.19.jar`?

        Thanks.

        Comment


        • #5
          3.19 is probably old code from the codehaus days. Please update to the latest from github/maven (org.springframework.security.oauth:spring-security-oauth).

          Comment

          Working...
          X