oauth signature


oauth signature

by Fabio Forno-2

Is the Oauth signature in xep 235 actually calculated with the given
values (and all escaping correct)? I'm trying to implement it and I
get different values, while I can reproduce the sign of main oauth
specs

Besides fireeagle are there any other services for testing it?

--
ff

Re: oauth signature

by Seth Fitzsimmons-2

No, it's not.  Good catch.

The sample stanza has a signature of
"wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D" (which shouldn't be escaped, but is
still wrong).

The signature base string is correct (although Fire Eagle's
implementation requires bare JIDs).  The calculated signature
("Z0F5zmPWwbunk5dc2hNBn1NgBj4=") is also wrong (it should match the
example stanza).

The correct signature should be: 9PQkM4YKgaM067wqrDGshXOwDW0=

I know of 2 other client implementations in-progress, but no other
servers at the moment.

This was calculated using my fork of the OAuth gem
(github.com/mojodna/oauth - `sudo gem install mojodna-oauth`):

oauth --consumer-key 0685bd9184jfhq22 \
--consumer-secret consumersecret \
--token ad180jjd733klru7 \
--secret tokensecret \
--nonce 4572616e48616d6d65724c61686176 \
--timestamp 1218137833 \
--signature-method HMAC-SHA1 \
--uri "travelbot@.../bot&feeds.worldgps.tld" \
--xmpp \
debug

The output was:
OAuth parameters:
  oauth_nonce: 4572616e48616d6d65724c61686176
  oauth_signature_method: HMAC-SHA1
  oauth_token: ad180jjd733klru7
  oauth_timestamp: 1218137833
  oauth_consumer_key: 0685bd9184jfhq22
  oauth_version: 1.0

Method: iq
URI: travelbot@.../bot&feeds.worldgps.tld
Signature base string:
iq&travelbot%40findmenow.tld%2Fbot%26feeds.worldgps.tld&oauth_consumer_key%3D0685bd9184jfhq22%26oauth_nonce%3D4572616e48616d6d65724c61686176%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1218137833%26oauth_token%3Dad180jjd733klru7%26oauth_version%3D1.0

XMPP Stanza:
  <oauth xmlns='urn:xmpp:tmp:oauth'>
    <oauth_consumer_key>0685bd9184jfhq22</oauth_consumer_key>
    <oauth_token>ad180jjd733klru7</oauth_token>
    <oauth_signature_method>HMAC-SHA1</oauth_signature_method>
    <oauth_signature>9PQkM4YKgaM067wqrDGshXOwDW0=</oauth_signature>
    <oauth_timestamp>1218137833</oauth_timestamp>
    <oauth_nonce>4572616e48616d6d65724c61686176</oauth_nonce>
    <oauth_version>1.0</oauth_version>
  </oauth>

Note: You may want to use bare JIDs in your URI.

Signature:         9PQkM4YKgaM067wqrDGshXOwDW0=
Escaped signature: 9PQkM4YKgaM067wqrDGshXOwDW0%3D

I hope this helps.
seth

On Sun, Feb 15, 2009 at 10:31 AM, Fabio Forno <fabio.forno@...> wrote:

> Is the Oauth signature in xep 235 actually calculated with the given
> values (and all escaping correct)? I'm trying to implement it and I
> get different values, while I can reproduce the sign of main oauth
> specs
>
> Besides fireeagle are there any other services for testing it?
>
> --
> ff
>
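
The calculation discussed in the message above, as an added example that is not part of the original post and is not code from the OAuth gem. The JID pair is taken from the decoded signature base string in the debug output; the function and constant names are assumptions made for this sketch. The printed stanza value can be compared with the signature quoted in the thread.

```ruby
require "openssl"
require "base64"

# OAuth 1.0 percent-encoding: every byte outside the unreserved set is escaped.
def oauth_escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
end

# Base string layout from the debug output: stanza type, JID pair, sorted parameters.
def signature_base_string(method, jid_pair, params)
  normalized = params.sort.map { |k, v| "#{oauth_escape(k)}=#{oauth_escape(v)}" }.join("&")
  [method, jid_pair, normalized].map { |part| oauth_escape(part) }.join("&")
end

# HMAC-SHA1 keyed with "<consumer secret>&<token secret>", Base64 encoded.
def hmac_sha1_signature(base, consumer_secret, token_secret)
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), key, base))
end

# Constant-time comparison for the side that verifies the stanza.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify(method, jid_pair, params, claimed, consumer_secret, token_secret)
  base = signature_base_string(method, jid_pair, params)
  secure_equal?(hmac_sha1_signature(base, consumer_secret, token_secret), claimed)
end

# Values from the command line quoted in the thread.
PARAMS = {
  "oauth_consumer_key"     => "0685bd9184jfhq22",
  "oauth_token"            => "ad180jjd733klru7",
  "oauth_signature_method" => "HMAC-SHA1",
  "oauth_timestamp"        => "1218137833",
  "oauth_nonce"            => "4572616e48616d6d65724c61686176",
  "oauth_version"          => "1.0"
}.freeze
JID_PAIR  = "travelbot@findmenow.tld/bot&feeds.worldgps.tld" # decoded from the base string
BASE      = signature_base_string("iq", JID_PAIR, PARAMS)
SIGNATURE = hmac_sha1_signature(BASE, "consumersecret", "tokensecret")

if __FILE__ == $PROGRAM_NAME
  puts BASE
  puts "stanza value (unescaped): #{SIGNATURE}"
  puts "escaped form:             #{oauth_escape(SIGNATURE)}"
end
```

A verifier that receives the escaped form in the stanza, or a bare JID where the signer used a full one, computes a different value and rejects the request.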

Re: oauth signature

by Fabio Forno-2

On Sun, Feb 15, 2009 at 7:54 PM, Seth Fitzsimmons <seth@...> wrote:

[...]
> This was calculated using my fork of the OAuth gem
> (github.com/mojodna/oauth - `sudo gem install mojodna-oauth`):
>

Thanks, I was getting the same signature string with my python code,
now I know it's correct ;)

I gave a try to the ruby gem too (installed switchboard, fire-hydrant
and oauth with "sudo gem install mojodna-oauth -s
http://gems.github.com"), but while switchboard works fine I can't run
the oauth gem, since I get

/usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in
`gem_original_require': no such file to load -- net/https (LoadError)
        from /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in `require'
        from /var/lib/gems/1.8/gems/mojodna-oauth-0.3.1.6/lib/oauth/consumer.rb:2
        from /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in
`gem_original_require'
        from /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in `require'
        from /var/lib/gems/1.8/gems/mojodna-oauth-0.3.1.6/lib/oauth/client/helper.rb:2
        from /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in
`gem_original_require'
        from /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in `require'
        from /var/lib/gems/1.8/gems/mojodna-oauth-0.3.1.6/lib/oauth.rb:2
        from /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in
`gem_original_require'
        from /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in `require'
        from /var/lib/gems/1.8/gems/mojodna-oauth-0.3.1.6/lib/oauth/cli.rb:2
        from /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in
`gem_original_require'
        from /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in `require'
        from /var/lib/gems/1.8/gems/mojodna-oauth-0.3.1.6/bin/oauth:3
        from /var/lib/gems/1.8/bin/oauth:19:in `load'
        from /var/lib/gems/1.8/bin/oauth:19


(installed also other gems that were missing, but I can't figure out
what is missing now, since I really don't know ruby)

> Note: You may want to use bare JIDs in your URI.

Is fireagle using bare JIDs? Or should the xep be fixed?

> Signature:         9PQkM4YKgaM067wqrDGshXOwDW0=
> Escaped signature: 9PQkM4YKgaM067wqrDGshXOwDW0%3D
>
> I hope this helps.
> seth

sure, thanks!
--
Fabio Forno, Ph.D.
Bluendo srl http://www.bluendo.com
jabber id: ff@...

Re: oauth signature

by Seth Fitzsimmons-2

> Thanks, I was getting the same signature string with my python code,
> now I know it's correct ;)

Yay!

> I gave a try to the ruby gem too (installed switchboard, fire-hydrant
> and oauth with "sudo gem install mojodna-oauth -s
> http://gems.github.com"), but while switchboard works fine I can't run
> the oauth gem, since I get
>
> /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in
> `gem_original_require': no such file to load -- net/https (LoadError)

You need to install ruby-openssl to get Net::HTTPS.  You're on Debian
/ Ubuntu, right?

> (installed also other gems that were missing, but I can't figure out
> what is missing now, since I really don't know ruby)

What other gems were missing?  I.e., are they dependencies that aren't
listed properly?

>> Note: You may want to use bare JIDs in your URI.
>
> Is fireagle using bare JIDs? Or should the xep be fixed?

Fire Eagle is using bare JIDs (for now; I need to fix this).  The XEP
says that full JIDs can be used.  I think that's right.

seth

Re: oauth signature

by Fabio Forno-2

On Sun, Feb 15, 2009 at 9:57 PM, Seth Fitzsimmons <seth@...> wrote:

>> /usr/lib/ruby/1.8/rubygems/custom_require.rb:27:in
>> `gem_original_require': no such file to load -- net/https (LoadError)
>
> You need to install ruby-openssl to get Net::HTTPS.  You're on Debian
> / Ubuntu, right?
>

perfect! now everything works with switchboard. Just one minor quirk
while installing: fire-hydrant exactly requires switchboard 0.0.11,
while from github you get switchboard 0.0.12 (installed by telling gem
to ignore dependencies, perhaps that's the reason of the missing gems
below)

>> (installed also other gems that were missing, but I can't figure out
>> what is missing now, since I really don't know ruby)
>
> What other gems were missing?  I.e., are they dependencies that aren't
> listed properly?

When started it failed to load echoe and cucumber, which made to
automatically install a bunch of other gems


thanks

--
Fabio Forno, Ph.D.
Bluendo srl http://www.bluendo.com
jabber id: ff@...

Re: oauth signature

by Seth Fitzsimmons-2

> perfect! now everything works with switchboard. Just one minor quirk
> while installing: fire-hydrant exactly requires switchboard 0.0.11,
> while from github you get switchboard 0.0.12 (installed by telling gem
> to ignore dependencies, perhaps that's the reason of the missing gems
> below)

Ah...  Thanks.  fire-hydrant is fixed and re-published as 0.0.4.  That
does sound like a likely cause for the other missing gems.

seth

Re: oauth signature

by Peter Saint-Andre-2

Seth Fitzsimmons wrote:

> No, it's not.  Good catch.
>
> The sample stanza has a signature of
> "wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D" (which shouldn't be escaped, but is
> still wrong).
>
> The signature base string is correct (although Fire Eagle's
> implementation requires bare JIDs).  The calculated signature
> ("Z0F5zmPWwbunk5dc2hNBn1NgBj4=") is also wrong (it should match the
> example stanza).
>
> The correct signature should be: 9PQkM4YKgaM067wqrDGshXOwDW0=

I'll fix the spec soon (in the next few days).

/psa




Re: oauth signature

by Peter Saint-Andre-2

On 2/15/09 10:54 AM, Seth Fitzsimmons wrote:
> No, it's not.  Good catch.
>
> The sample stanza has a signature of
> "wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D" (which shouldn't be escaped, but is
> still wrong).

I've removed escaping from the XEP.

> The signature base string is correct (although Fire Eagle's
> implementation requires bare JIDs).  The calculated signature
> ("Z0F5zmPWwbunk5dc2hNBn1NgBj4=") is also wrong (it should match the
> example stanza).

Right.

> The correct signature should be: 9PQkM4YKgaM067wqrDGshXOwDW0=

Fixed.

Peter

--
Peter Saint-Andre
https://stpeter.im/


