skip to Main Content

I call the Magento API with the following Autherization as header,

auth = "OAuth oauth_consumer_key=**********************,oauth_consumer_secret=****************,oauth_token=************,oauth_token_secret=**************,oauth_signature_method=HMAC-SHA1,oauth_timestamp=" + ConstantFunctions.GetTimeStamp() + ",oauth_nonce=" + ConstantFunctions.GetNonce() + ",oauth_signature=*******************) ;

While I call the API,
Getting error oauth_problem=signature_invalid .All other parameters validate successfully but got an error in the signature,
I try the following code to generate the signature,

     public static String GETHMACSHA1(String value, String key)
            throws UnsupportedEncodingException, NoSuchAlgorithmException,
            InvalidKeyException {
        String type = "HmacSHA1";
        SecretKeySpec secret = new SecretKeySpec(key.getBytes(), type);
        Mac mac = Mac.getInstance(type);
        mac.init(secret);
        byte[] bytes = mac.doFinal(value.getBytes());
        return bytesToHex(bytes);
    }

    private final static char[] hexArray = "0123456789abcdef".toCharArray();

    private static String bytesToHex(byte[] bytes) {
        char[] hexChars = new char[bytes.length * 2];
        int v;
        for (int j = 0; j < bytes.length; j++) {
            v = bytes[j] & 0xFF;
            hexChars[j * 2] = hexArray[v >>> 4];
            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
        }
        return new String(hexChars);
    }

I pass the oauth_consumer_secret and oauth_token_secret as the parameter to get signature . But its still get the same error.

How to generate the signature in android and which value I need to pass to get the same?

2

Answers


  1. Chosen as BEST ANSWER

    We didn't need to pass all the attribute as auth, retrofit itself handle this, we need to pass only the CONSUMER_KEY, CONSUMER_SECRET, ACCESS_TOKEN and TOKEN_SECRET.

    By following this

    ApiUtils class will be like,

    Kotlin

    class ApiUtils {
    companion object {
        fun getAPIService(): APIService? {
            val consumer = OkHttpOAuthConsumer(BuildConfig.CONSUMER_KEY, BuildConfig.CONSUMER_SECRET)
            consumer.setTokenWithSecret(BuildConfig.ACCESS_TOKEN, BuildConfig.TOKEN_SECRET)
            return RetrofitClient.getClient(BuildConfig.BASE_URL, consumer)?.create(APIService::class.java)
        }
    }
    

    }

    Android Java

    public class ApiUtils {
    
        private ApiUtils() {
        }
    
        private static final String BASE_URL = BuildConfig.BASE_URL;
    
        public static APIService getAPIService() {
    
            OkHttpOAuthConsumer consumer = new OkHttpOAuthConsumer(BuildConfig.CONSUMER_KEY, BuildConfig.CONSUMER_SECRET);
            consumer.setTokenWithSecret(BuildConfig.ACCESS_TOKEN, BuildConfig.TOKEN_SECRET);
    
            OkHttpClient client = new OkHttpClient.Builder()
                    .addInterceptor(new SigningInterceptor(consumer))
                    .build();
            return RetrofitClient.getClient(BASE_URL, client).create(APIService.class);
        }
    }
    

    and for RetrofitClient Class

    Kotlin

        class RetrofitClient {
        companion object {
            private var retrofit: Retrofit? = null
            private val gSON = GsonBuilder()
                .setLenient()
                .create()
    
            fun getClient(baseUrl: String, consumer: OkHttpOAuthConsumer): Retrofit? {
                val logging = HttpLoggingInterceptor()
                if (BuildConfig.DEBUG) {
                    logging.level = HttpLoggingInterceptor.Level.BODY
                } else {
                    logging.level = HttpLoggingInterceptor.Level.NONE
                }
    
                val httpClient = OkHttpClient.Builder()
                httpClient.connectTimeout(60000, TimeUnit.SECONDS)
                httpClient.writeTimeout(120000, TimeUnit.SECONDS)
                httpClient.readTimeout(120000, TimeUnit.SECONDS)
                httpClient.retryOnConnectionFailure(true)
                httpClient.addInterceptor(SigningInterceptor(consumer))
                httpClient.addInterceptor { chain ->
                    val request = chain.request()
                    val requestBuilder = request.newBuilder()
                        .header(HEADER_CONTENT_TYPE_KEY, PreferenceHandler.getContentType())
                        .header(HEADER_ACCEPT_KEY, PreferenceHandler.getAcceptType())
                        .header(HEADER_CACHE_CONTROL_KEY, PreferenceHandler.getCacheControl())
                    val modifiedRequest = requestBuilder.build()
                    chain.proceed(modifiedRequest)
                }
    
                httpClient.addNetworkInterceptor(logging)
    
                if (retrofit == null) {
                    retrofit = Retrofit.Builder()
                        .baseUrl(baseUrl)
                        .addConverterFactory(GsonConverterFactory.create(gSON))
                        .client(httpClient.build())
                        .build()
                }
                return retrofit
            }
    
        }
    }
    

    Android java

    public class RetrofitClient {
    
        private static Retrofit retrofit = null;
    
        public static Retrofit getClient(String baseUrl,OkHttpClient client) {
            if (retrofit == null) {
                retrofit = new Retrofit.Builder()
                        .baseUrl(baseUrl)
                        .client(client)
                        .addConverterFactory(GsonConverterFactory.create())
                        .build();
            }
            return retrofit;
        }
    }
    

  2. For Oauth i dont think you should be passing CS and TS . You need to concatenate a set of URL-encoded attributes and parameters to construct the signature base string. please refer –
    devdocs.magento.com/guides/v2.0/get-started/authentication/

    so in other words, one of the params in SHA1 will be an encoded url
    and it should be in a specific format starting with HTTP method.

    enter image description here

    the url should contains the above params before encoding.

    i did a similar Oauth authentication in Woocommerce API for android please refer this gist url for more info.

    https://gist.github.com/Muneefm/f4c08b2aa3accd57fa890156f74e619a

    in this check the method called getLoginUrl() . in which i have concatenate the url.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search