am having problem with expanding more than one argument where trying to retrieve a title.
and i can't figure out why???
when i expand only one argument like:
http://api.netflix.com/catalog/titles/movies/70071613?expand=cast&oauth_consumer_key=<my consumer key>&oauth_nonce=75237783735129&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230711024&oauth_version=1.0&oauth_signature=f9mpoL%2BvOwZjSawCcwRsfqs4nyY%3D
everything is fine.
but when i add:
http://api.netflix.com/catalog/titles/movies/70071613?expand=cast%2Cdirectors&oauth_consumer_key=<my consumer key>&oauth_nonce=75205356160473&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230710992&oauth_version=1.0&oauth_signature=luddkBwI73cP5NrfrMrnvcXil9Q%3D
or (encode the comma)
http://api.netflix.com/catalog/titles/movies/70071613?expand=cast,directors&oauth_consumer_key=<my consumer key>&oauth_nonce=75205356160473&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230710992&oauth_version=1.0&oauth_signature=luddkBwI73cP5NrfrMrnvcXil9Q%3D
the response i get is always "Invalid Signature".
i imagine it has something to do with encoding...
i use standard java.net.URLEncoder.encode( phrase, "UTF-8" ) to encode my data.
I'm a little confused. The signature should be generated from the arguments you pass. You shouldn't have to construct the expand element after you generate the signature. I'm also a little concerned that your example signatures matched. Was that on purpose or just you cutting and pasting?
What library are you using to generate the signature?
I ran into this problem using the objective C OAuth code adapted for the iPhone. I had to modify the code to make sure that commas got escaped when the signature was computed. When I form the URL, I use literal commas to separate expansion parameters. The OAuth library escapes the commas to compute the signature. The URL passed to the Netflix API uses literal commas.
Unknown – 11 months ago
Thanks for the help guys.
JR Conlin: the duplication of the signature is just copy and paste, don't worry about it.
to generate my signature i use standard sun library:
// get an hmac_sha1 key from the raw key bytes
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), HMAC_SHA1_ALGORITHM);
// get an hmac_sha1 Mac instance and initialize with the signing key
Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
mac.init(signingKey);
// compute the hmac on input data bytes
byte[] rawHmac = mac.doFinal(data.getBytes());
// base64-encode the hmac
byte[] base64 = Base64.encodeBase64(rawHmac);
String result = new String(base64);
return result;
Rich Knox: i thing understand what you are saying, and i tried to implement it. but with no luck...
check out this most basic example:
Any more information here? I am using the OathBase C# library. I added the comma to the unreservedChars string, but I still got the invalid signature error.
Well, one thing that might be causing the problem is that C#'s URL encoder tends to return lower case hex values for encoded characters. In addition, OAuth has a subset of additional characters that it needs to have converted into hex.
If you're interested in developing your own library, I'd recommend using the "advanced" feature of the OAuth Test Page so that you can compare the SBS you're generating to the SBS that I generate. Pay attention to things like escaped characters and formatting, since the encoding takes all of those into consideration when generating the signature value.
If you're not interested in generating your own library, I'd recommend using one of the existing OAuth libraries (C# users, please remember to note that library requires you to call a special URL Encoder method when compiling the request.)
I am using the OauthBase C# library that was recommended on this site. It seems to return upper case hex values, and I don't run into any issues with anything except for the comma mentioned earlier in this thread. It does not seem to matter if the comma is URL Encoded or not. Neither seems to work for the expansion. Izik's explanation above is exactly what I'm struggling with as well. I assume that this problem must have been solved for the previous posters since none of them have reposted in the last six months, but I still can't get it.
Please confirm that the comma between cast and synopsis is being correctly percent-encoded to a %2C ... if it is, please post a signed call that worked (to cast only) and a signed call that did not work (to cast and synopsis).
Ah, sorry if I stated the obvious then. I'm not really an expert on C#, so I don't have a dev environment I can test it on easily. What you can do to test things out is to use the OAuthTest Page: <http://developer.netflix.com/resources/OAuthTest>
If you click on the gray "advanced" to the bottom right of the form you'll get some additional fields as well as get to see the SBS that's used to generate the signature value. (To note, that page seems to double encode commas as %252C, where Flixo allows them through unchanged. Either work.)
My gut reaction is that the SBS that the C# library is building is different than the URL values you're providing, (e.g. the SBS is using "expands=cast%2Csynopsis" where you're building your URL with "expands=cast,synopsis") Unfortunately (and if I remember correctly) that library only returns you the signature value, not the string that was generated to provide that value.
I can try poking around a bit inside the library and see if I can spot anything odd, but again, C# isn't really my area.
Thanks much for the quick responses. I got Rich Knox's suggestion exactly backwards and I was sending the literal comma to the Oauth algorithm instead of URL encoding the comma for the query line parameters. The test page is helpful and you suggestion was also spot on, Kent. Thanks again.
Hi,
am having problem with expanding more than one argument where trying to retrieve a title.
and i can't figure out why???
when i expand only one argument like:
http://api.netflix.com/catalog/titles/movies/70071613?expand=cast&oauth_consumer_key=<my consumer key>&oauth_nonce=75237783735129&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230711024&oauth_version=1.0&oauth_signature=f9mpoL%2BvOwZjSawCcwRsfqs4nyY%3D
everything is fine.
but when i add:
http://api.netflix.com/catalog/titles/movies/70071613?expand=cast%2Cdirectors&oauth_consumer_key=<my consumer key>&oauth_nonce=75205356160473&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230710992&oauth_version=1.0&oauth_signature=luddkBwI73cP5NrfrMrnvcXil9Q%3D
or (encode the comma)
http://api.netflix.com/catalog/titles/movies/70071613?expand=cast,directors&oauth_consumer_key=<my consumer key>&oauth_nonce=75205356160473&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1230710992&oauth_version=1.0&oauth_signature=luddkBwI73cP5NrfrMrnvcXil9Q%3D
the response i get is always "Invalid Signature".
i imagine it has something to do with encoding...
i use standard java.net.URLEncoder.encode( phrase, "UTF-8" ) to encode my data.
cheers for the help
Rami
Tags
JR Conlin – 11 months ago
I'm a little confused. The signature should be generated from the arguments you pass. You shouldn't have to construct the expand element after you generate the signature. I'm also a little concerned that your example signatures matched. Was that on purpose or just you cutting and pasting?
What library are you using to generate the signature?
Rich Knox – 11 months ago
I ran into this problem using the objective C OAuth code adapted for the iPhone. I had to modify the code to make sure that commas got escaped when the signature was computed. When I form the URL, I use literal commas to separate expansion parameters. The OAuth library escapes the commas to compute the signature. The URL passed to the Netflix API uses literal commas.
Unknown – 11 months ago
Thanks for the help guys.
JR Conlin: the duplication of the signature is just copy and paste, don't worry about it.
to generate my signature i use standard sun library:
// get an hmac_sha1 key from the raw key bytes
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), HMAC_SHA1_ALGORITHM);
// get an hmac_sha1 Mac instance and initialize with the signing key
Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
mac.init(signingKey);
// compute the hmac on input data bytes
byte[] rawHmac = mac.doFinal(data.getBytes());
// base64-encode the hmac
byte[] base64 = Base64.encodeBase64(rawHmac);
String result = new String(base64);
return result;
Rich Knox: i thing understand what you are saying, and i tried to implement it. but with no luck...
check out this most basic example:
public static void main(String[] args) throws Exception
{
String baseUrl = "http://api.netflix.com/catalog/titles/movies/70071613";
String token = "";
String params =
"expand=cast" +
"&include_amg=true" +
"&include_tms=true" +
"&oauth_consumer_key=" + CONSUMER_KEY +
"&oauth_nonce=" + String.valueOf(System.nanoTime()) +
"&oauth_signature_method=HMAC-SHA1" +
"&oauth_timestamp=" + currentTimeSeconds()+
"&oauth_version=1.0";
String signatureBase = "GET&" + encode( baseUrl ) + "&" + encode( params );
System.out.println("signatureBase = " + signatureBase);
String signatureKey = SECRET + "&" + token;
String signature = HmacSha1.runHMAC( signatureBase, signatureKey );
System.out.println("signature = " + signature);
params += "&oauth_signature=" + encode(signature);
String url = baseUrl + "?" + params;
System.out.println("url = " + url);
}
private static String currentTimeSeconds()
{
long currentTimeMillis = System.currentTimeMillis();
long currentTimeSeconds = currentTimeMillis / 1000;
return String.valueOf( currentTimeSeconds );
}
private static String encode(String phrase) throws UnsupportedEncodingException
{
String encoded = URLEncoder.encode( phrase, "UTF-8" );
return encoded;
}
it works fine!
but if i change the line:
"expand=cast" +
to
"expand=cast,synopsis" +
it get notorious 'Invalid Signature' error.
any ideas?
Shanti – 5 months ago
Any more information here? I am using the OathBase C# library. I added the comma to the unreservedChars string, but I still got the invalid signature error.
JR Conlin – 5 months ago
Well, one thing that might be causing the problem is that C#'s URL encoder tends to return lower case hex values for encoded characters. In addition, OAuth has a subset of additional characters that it needs to have converted into hex.
If you're interested in developing your own library, I'd recommend using the "advanced" feature of the OAuth Test Page so that you can compare the SBS you're generating to the SBS that I generate. Pay attention to things like escaped characters and formatting, since the encoding takes all of those into consideration when generating the signature value.
If you're not interested in generating your own library, I'd recommend using one of the existing OAuth libraries (C# users, please remember to note that library requires you to call a special URL Encoder method when compiling the request.)
Shanti – 5 months ago
I am using the OauthBase C# library that was recommended on this site. It seems to return upper case hex values, and I don't run into any issues with anything except for the comma mentioned earlier in this thread. It does not seem to matter if the comma is URL Encoded or not. Neither seems to work for the expansion. Izik's explanation above is exactly what I'm struggling with as well. I assume that this problem must have been solved for the previous posters since none of them have reposted in the last six months, but I still can't get it.
Kent Brewster – 5 months ago
I've just tried this with the OAuth Walk-Through and the expanded cast + synopsis query seems to work. Here's my signed URL:
http://api.netflix.com/catalog/titles/movies/70071613?expand=cast%2Csynopsis&oauth_consumer_key=[my_key]&oauth_nonce=061734010666973&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1246910450&oauth_token=T1yCh8nK3IDXl7HlJusughzkdvkqCzcuSJRtBiknAXvqpu0f2kq3GXVSAAwib0SL.33_NBaOtdAKUez.vsDxI0Xw--&oauth_version=1.0&oauth_signature=04h%2B14G8uJwHYDy3Hawq5aYTQIc%3D
Please confirm that the comma between cast and synopsis is being correctly percent-encoded to a %2C ... if it is, please post a signed call that worked (to cast only) and a signed call that did not work (to cast and synopsis).
--Kent
JR Conlin – 5 months ago
Ah, sorry if I stated the obvious then. I'm not really an expert on C#, so I don't have a dev environment I can test it on easily. What you can do to test things out is to use the OAuthTest Page: <http://developer.netflix.com/resources/OAuthTest>
If you click on the gray "advanced" to the bottom right of the form you'll get some additional fields as well as get to see the SBS that's used to generate the signature value. (To note, that page seems to double encode commas as %252C, where Flixo allows them through unchanged. Either work.)
My gut reaction is that the SBS that the C# library is building is different than the URL values you're providing, (e.g. the SBS is using "expands=cast%2Csynopsis" where you're building your URL with "expands=cast,synopsis") Unfortunately (and if I remember correctly) that library only returns you the signature value, not the string that was generated to provide that value.
I can try poking around a bit inside the library and see if I can spot anything odd, but again, C# isn't really my area.
Shanti – 5 months ago
Thanks much for the quick responses. I got Rich Knox's suggestion exactly backwards and I was sending the literal comma to the Oauth algorithm instead of URL encoding the comma for the query line parameters. The test page is helpful and you suggestion was also spot on, Kent. Thanks again.