api - Creta Signature for Oauth 1.0 with Curl and Php - Fixing error "Unsupported signature method in the header. Require HMAC-SHA256" ← (PHP, HTML)

What is wrong?

This is all my code, I think that it should be fine, but I don't know why... with postman I haven't errors and I receive the tokens while with Curl I receive this error. I'm working in local with Mamp pro.

The error received is:

My Code To generete the Signature and get the Token:

$url = "https://account.api.here.com/oauth2/token";
  $data = array(
    "grant_type" => "client_credentials"
  );

  $oauthNonce = mt_rand();
  $oauthTimestamp = time();
  $oauthCustomereKey = "******";
  $oauthSignatureMethod = "HMAC-SHA256";
  $httpMethod = "POST";
  $oauthVersion = "1.0";
  $keySecret = "*****";

  $baseString = $httpMethod."&". urlencode($url);
  $paramString =
        "grant_type=client_credentials&".
        "oauth_consumer_key=". urlencode($oauthCustomereKey).
        "&oauth_nonce=". urlencode($oauthNonce).
        "&oauth_signature_method=". urlencode($oauthSignatureMethod).
        "&oauth_timestamp=". urlencode($oauthTimestamp).
        "&oauth_version=". urlencode($oauthVersion)
;
  $baseString = $baseString . "&" . urlencode($paramString);
  var_dump($baseString);
  $signingKey= urlencode($keySecret) . "&";

  $signature = urlencode(
      base64_encode(
      hash_hmac(
          'sha256',
          $baseString,
          $signingKey,
          true
      )
    )
  );

    $params = [
      "oauth_consumer_key"     => $oauthCustomereKey,
      "oauth_nonce"            => $oauthNonce,
      "oauth_signature_method" => $oauthSignatureMethod,
      "oauth_timestamp"        => $oauthTimestamp,
      "oauth_version"          => $oauthVersion,
      "oauth_signature"        => $signature
  ];

  // $lol = 'oauth_consumer_key="' . $oauthCustomereKey . '",oauth_signature_method="'.$oauthSignatureMethod . '",oauth_timestamp="'.$oauthTimestamp.'",oauth_nonce="'.$oauthNonce.'",oauth_version="'.$oauthVersion.'",oauth_signature="'.$signature.'"';
  /* This will give you the proper encoded string to include in your Authorization header */
  $params = http_build_query($params, null, ',', PHP_QUERY_RFC3986);
  $authorization = "Authorization: OAuth " . $params;

var_dump($authorization);

  if(!$curl = curl_init()){
      exit;
  }
  curl_setopt($curl, CURLOPT_POST, true);
  curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
  curl_setopt($curl, CURLOPT_URL, $url);
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($curl, CURLOPT_HTTPHEADER, array(
    "Content-Type : application/x-www-form-urlencoded",
    $authorization));
  $token = curl_exec($curl);
  curl_close($curl);
  return $token;

Result basestring (dump on line 87):

string(253) "POST&https%3A%2F%2Faccount.api.here.com%2Foauth2%2Ftoken&grant_type%3Dclient_credentials%26oauth_consumer_key%3D********%26oauth_nonce%3D1468397107%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1605523226%26oauth_version%3D1.0"

And on the doc here we have this example... it look the same:

POST
  &https%3A%2F%2Faccount.api.here.com%2Foauth2%2Ftoken
  &grant_type=client_credentials%26oauth_consumer_key%3Daccess-key-id-1234%26oauth_nonce%3DLIIpk4%26
oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1456945283%26oauth_version%3D1.0

Answer

Solution:

FIXED

Finally... after 2 days... There are 2 errors on the code above:

The parameter $data to CURLOPT_POSTFIELDS
Oauth 1.0 wants the double quotes.

So change:

curl_setopt($curl, CURLOPT_POSTFIELDS, $data);

With

curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($data));

This is strange for me, because with curl I use http_build_query with GET request and not POST, where we can use $data directly like array.
And delete:

$params = http_build_query($params, null, ',', PHP_QUERY_RFC3986);

And write the query with your beautifuls hand because $params doesn't have double quote.

Source

About the technologies asked in this question

PHP

PHP (from the English Hypertext Preprocessor - hypertext preprocessor) is a scripting programming language for developing web applications. Supported by most hosting providers, it is one of the most popular tools for creating dynamic websites. The PHP scripting language has gained wide popularity due to its processing speed, simplicity, cross-platform, functionality and distribution of source codes under its own license.
https://www.php.net/

HTML

HTML (English "hyper text markup language" - hypertext markup language) is a special markup language that is used to create sites on the Internet. Browsers understand html perfectly and can interpret it in an understandable way. In general, any page on the site is html-code, which the browser translates into a user-friendly form. By the way, the code of any page is available to everyone.
https://www.w3.org/html/

Welcome to programmierfrage.com

programmierfrage.com is a question and answer site for professional web developers, programming enthusiasts and website builders. Site created and operated by the community. Together with you, we create a free library of detailed answers to any question on programming, web development, website creation and website administration.

Get answers to specific questions

Ask about the real problem you are facing. Describe in detail what you are doing and what you want to achieve.

Help Others Solve Their Issues

Our goal is to create a strong community in which everyone will support each other. If you find a question and know the answer to it, help others with your knowledge.