signature_invalid when trying to get request_token (Yahoo)

Question

I started to develop a script to get contacts from Yahoo's user. Before to get contacts, I am having problem to get request token, when I perform a request for a link like this:

<a class="yahoo" href="https://api.login.yahoo.com/oaut/v2/get_request_token?oauth_nonce=<?php echo uniqid() ?>&oauth_timestamp=<?php echo time() ?>&oauth_consumer_key=<?php echo $yahoo_consumer_key ?>&oauth_signature_method=plaintext&oauth_signature=<?php echo $yahoo_consumer_secret ?>&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=<?php echo urlencode('http://myfullurl.com') ?>">Get Contacts</a>

I get an HTTP header 401 Forbidden with message: oauth_problem=signature_invalid

I do not know if I am setting the link correctly but It was what I have understand through http://developer.yahoo.com/oauth/guide/oauth-sign-plaintext.html

Reference: http://developer.yahoo.com/oauth/guide/oauth-requesttoken.html

Answer 1

Your call to https://api.login.yahoo.com/oaut/v2/get_request_token has to be a server-side call, not a link the user has to click.

If you don't know how to do that, you should probably use some PHP OAuth library that handles this for you.

Then, as Yahoo is stating in their documentation :

For requests to get_request_token, the Token Secret is absent. Include only the Consumer Secret followed by an "&" character.

your oauth_signature should be:

&oauth_signature=<?php echo $yahoo_consumer_secret . "&" ?>