[GH-ISSUE #42] OAuth1 signature error (HMAC & SHA1) #24

New issue

Closed

opened 2026-03-03 16:44:53 +03:00 by kerem · 3 comments

kerem commented

2026-03-03 16:44:53 +03:00

Owner

Originally created by @ramki1979 on GitHub (Apr 6, 2015).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/42

I manually included all files in my project target for iOS 7, and when I try to log into linkedin I got a Signature Invalid exception. After debugging The base string is correct but the signature generated is wrong.

OAuthSwift implemented its own HMAC and SHA1 algorithms, so I don't see I have to include any additional crypto libraries.

Am I missing any project settings or libraries/frameworks.

Originally created by @ramki1979 on GitHub (Apr 6, 2015). Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/42 I manually included all files in my project target for iOS 7, and when I try to log into linkedin I got a Signature Invalid exception. After debugging The base string is correct but the signature generated is wrong. OAuthSwift implemented its own HMAC and SHA1 algorithms, so I don't see I have to include any additional crypto libraries. Am I missing any project settings or libraries/frameworks.

kerem closed this issue

2026-03-03 16:44:53 +03:00

kerem commented

2026-03-03 16:44:54 +03:00

Author

Owner

@gabriel-jones commented on GitHub (Apr 6, 2015):

Could you show us your signed url? Also, have you fixed the errors in the project shown in issue #31 ?

@gabriel-jones commented on GitHub (Apr 6, 2015): Could you show us your signed url? Also, have you fixed the errors in the project shown in issue #31 ?

kerem commented

2026-03-03 16:44:54 +03:00

Author

Owner

@ramki1979 commented on GitHub (Apr 6, 2015):

I use this online tool for signature verification:
http://oauth.googlecode.com/svn/code/javascript/example/signature.html

LinkedIn API Endpoint:
https://api.linkedin.com/uas/oauth/requestToken
CallBack_Url: oauth-swift://oauth-callback/linkedin

Base String:
POST&https%3A%2F%2Fapi.linkedin.com%2Fuas%2Foauth%2FrequestToken&oauth_callback%3Doauth-swift%253A%252F%252Foauth-callback%252Flinkedin%26oauth_consumer_key%3D75h09kl7bn1jlv%26oauth_nonce%3D3B933B52%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1428324880%26oauth_version%3D1.0

OAuth Swift Generated signature:
sign: <8e161214 efefeea1 bb9cf526 3aeb3df0 abc65ce7> 
jhYSFO/v7qG7nPUmOus98KvGXOc=

Online Tool Generated signature for the same base string:
5r3+m1qhP9q89YthDQQ4oKtDNyE=

I have developed my own oauth1 and oauth2 libraries in C [used opensource HMAC-sha1] for another mobile platform a couple of years back, so I am very well aware of OAuth 1 & 2 specs.

As the same is working for other users, I feel I might missed some swift knowledge or settings here.

#31 I have updated my comment with correct fork that builds for ios 7.

@ramki1979 commented on GitHub (Apr 6, 2015): I use this online tool for signature verification: http://oauth.googlecode.com/svn/code/javascript/example/signature.html ``` LinkedIn API Endpoint: https://api.linkedin.com/uas/oauth/requestToken CallBack_Url: oauth-swift://oauth-callback/linkedin Base String: POST&https%3A%2F%2Fapi.linkedin.com%2Fuas%2Foauth%2FrequestToken&oauth_callback%3Doauth-swift%253A%252F%252Foauth-callback%252Flinkedin%26oauth_consumer_key%3D75h09kl7bn1jlv%26oauth_nonce%3D3B933B52%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1428324880%26oauth_version%3D1.0 OAuth Swift Generated signature: sign: <8e161214 efefeea1 bb9cf526 3aeb3df0 abc65ce7> jhYSFO/v7qG7nPUmOus98KvGXOc= Online Tool Generated signature for the same base string: 5r3+m1qhP9q89YthDQQ4oKtDNyE= ``` I have developed my own oauth1 and oauth2 libraries in C [used opensource HMAC-sha1] for another mobile platform a couple of years back, so I am very well aware of OAuth 1 & 2 specs. As the same is working for other users, I feel I might missed some swift knowledge or settings here. #31 I have updated my comment with correct fork that builds for ios 7.

kerem commented

2026-03-03 16:44:54 +03:00

Author

Owner

@ramki1979 commented on GitHub (Apr 7, 2015):

This issue is related to OAuthSwift fork https://github.com/WazzeZ/OAuthSwift,

The signature key is set incorrectly,

The forks has the below code

var signingKey = "\(encodedConsumerSecret)"
if tokenSecret.length != 0 {
    signingKey += "&\(tokenSecret)"
}

Fix:

var signingKey = "\(encodedConsumerSecret)&\(tokenSecret)"

closing this issue.

@ramki1979 commented on GitHub (Apr 7, 2015): This issue is related to OAuthSwift fork https://github.com/WazzeZ/OAuthSwift, The signature key is set incorrectly, The forks has the below code ``` swift var signingKey = "\(encodedConsumerSecret)" if tokenSecret.length != 0 { signingKey += "&\(tokenSecret)" } ``` Fix: ``` swift var signingKey = "\(encodedConsumerSecret)&\(tokenSecret)" ``` closing this issue.

kerem referenced this issue

2026-03-03 16:49:05 +03:00

[PR #24] [MERGED] Added NSCoding to OAuthSwiftCredential for easy storage in the Keychain. #487