OAuth1 icon indicating copy to clipboard operation
OAuth1 copied to clipboard

Published 20 hours ago verified publisher icon WP-API

Consumer Key is invalid

Open rubenhak opened this issue 8 years ago • 6 comments

Hi, I'm trying to configure wordpress with REST API v2 and OAuth v1. I'm getting "Consumer Key is invalid" error when trying to get request token.

Using: -) WordPress 4.5.2 -) WP REST API Version 2.0-beta13 -) WP REST API - OAuth 1.0a Server Version 0.2.1

I make a request using Postman. I populate Consumer Key and Consumer Secret as "Client Key" and "Client Secret" from Users -> Applications. The request looks like this:

POST http://mywebsite.com/oauth1/request Header: Authorization = OAuth oauth_consumer_key="jUJGnMAraw31",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1463209626",oauth_nonce="LQfekq",oauth_version="1.0",oauth_signature="S%2BG3ze8rxBMW2AVI550HICQYCNU%3D"

Returned error is 401: Consumer Key is invalid.

Please help to resolve this.

Thanks, Ruben

rubenhak avatar May 14 '16 07:05 rubenhak

@rubenhak are you still seeing this? Could you try the latest version of WordPress and the OAuth plugin?

joehoyle avatar Oct 11 '16 16:10 joehoyle

I'm also getting this response.

My setup is:

Wordpress: 4.6.1 WP REST API: 2.0-beta15 WP REST API - OAuth 1.0a Server: 0.3.0

In my case this is being served by Nginx which I believe is the problem, but I can't find a solution for it.

Any help is appreciated.

Thanks

ricardogomes avatar Oct 12 '16 09:10 ricardogomes

As I was learning OAuth1.0a and came across signing issues, I found it useful to write some things to a log file to see what was going wrong.

Particularly the $key being used and the $string_to_sign around line 684 of class-wp-rest-oauth1.php

Also try inspecting what's going on in the get_parameters function around line 90 to see what headers and parameters are being sent, and if they have been encoded correctly.

kosso avatar Oct 12 '16 10:10 kosso

@rubenhak Just one idea that I had from something I came across a while ago: Have you tried sorting your oauth_* parameters alphabetically first? (If Postman can do this)

kosso avatar Oct 12 '16 10:10 kosso

I don't think this has to do with the signature, the Consumer Key is a straight up match to the Application, I think it's more likely that there's something stopping the application being found by the meta_value in the WP_Query here https://github.com/WP-API/OAuth1/blob/master/lib/class-wp-rest-client.php#L133 (see this error returned at https://github.com/WP-API/OAuth1/blob/master/lib/class-wp-rest-client.php#L154)

Is it possible there's some plugin that's changing the WP_Query SQL query or something like that?

joehoyle avatar Oct 12 '16 12:10 joehoyle

@joehoyle I had a similar issue in that area quite some time ago, but it went away/got resolved https://github.com/WP-API/OAuth1/issues/94

kosso avatar Oct 12 '16 12:10 kosso