Issue with ConnectyCube User Session Token Creation - "Unexpected Signature" #323
Comments
|
Sorry for asking it on flutter repo but i could not find proper place to ask it |
|
according to the server documentation, the parameters for the generation of the signature should be placed in alphabetical order. it means when you add the user to the signature this parameter should be placed there in the alphabetical order too. |
|
@jostney I meant the const stringForSignature = `application_id=${config.applicationId}&auth_key=${config.authKey}&nonce=${nonce}×tamp=${timestamp}&user[email]=${emailAddress}&user[password]=${password}`; |
|
In docs, the last two params( By the way, i modifed stringForSignature as you did, still having same error when calling |
|
Who can assist me about this from back-end team ? In my latest answer i did all required things but still getting |
|
@banshiAnton can assist here, I will ask him |
|
Hi @jostney and double check your config (application_id/auth_key/auth_secret) |
|
Sent it, waiting. Thanks |
|
Same issue on my side, |
@eznix86 please share here your string to signing and the body of the request. or you can send this info to our support team's e-mail [email protected] |
I already sent. No answer yet. |
|
@eznix86 in the provided info, the string you want to subscribe is absent, please provide all required information |
Please reply to my email. I would happy to share code snippets. |
|
will ask the support team to do it |
|
Hi,
Yes, I already did (spent 5 hours on google), it is the same thing, but
with modern PHP.
I tested in nodeJS also, still the same issue. Even if I write it manually.
Scroll down completely to see the code. I even tried a bare http request.
Same result.
To explain: http_build_query does the same thing as the github link it
concatenates with &. I even tried it manually.
…On Mon, Feb 26, 2024 at 5:53 PM TatankaConCube ***@***.***> wrote:
@eznix86 <https://github.com/eznix86> have you seen the PHP example for
session creation here
<ConnectyCube/connectycube-reactnative-samples#13 (comment)>
?
—
Reply to this email directly, view it on GitHub
<#323 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGKSW2X22RDXVLISZW55XUTYVSHWJAVCNFSM6AAAAABBH3SLIOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRUGIYDANBZGQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***
com>
|
|
have you ordered your parameters in line 103 in your code in the right way? |
|
does this parameters contains all data from the body request (except signature)? could you provide the ready for signing string in the raw formate before signing? |
|
Yes
This is the results:
application_id=7578&auth_key=VM-JanUakwoI&nonce=6210×tamp=1708956650&user[login]=demo5&user[password]=password
*Side note: I am not generating an application session, what I want is a
user session. The application session works well.*
…On Mon, Feb 26, 2024 at 6:04 PM TatankaConCube ***@***.***> wrote:
have you ordered your parameters in line 103 in your code in the right way?
—
Reply to this email directly, view it on GitHub
<#323 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGKSW2XZVBRACEW2O2YONALYVSJADAVCNFSM6AAAAABBH3SLIOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRUGIZDGNJQG4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***
com>
|
|
sorry, but I'm not well experienced in the PHP, but the Dart code below works in my case, please check the differences and additionaly please check the time on your local machine where you run the code Map<String, dynamic> parameters = request.params;
StringBuffer keyValueSortedString = StringBuffer();
Map<String, String> sortedParams = SplayTreeMap.from(parameters);
for (String key in sortedParams.keys) {
keyValueSortedString.write("$key=${sortedParams[key]}&");
}
String signString = keyValueSortedString.toString();
signString = signString.substring(0, signString.length - 1);
String key = CubeSettings.instance.authorizationSecret!;
log('Sign string : $signString');
List<int> messageBytes = utf8.encode(signString);
List<int> keyBytes = utf8.encode(key);
Hmac hmac = Hmac(sha1, keyBytes);
Digest digest = hmac.convert(messageBytes);
String signature = digest.toString();
CB-SDK: : Sign string : application_id=476&auth_key=PDZjPBzAO8WPfCp&nonce=911182476×tamp=1708958827&user[login]=flutter_sdk_tests_user&user[password]=flutter_sdk_tests_user
CB-SDK: : =========================================================
=== REQUEST ==== 20db44b9-a879-4dcd-af97-80227f2a3056 ===
REQUEST
POST https://api.connectycube.com/session
HEADERS
{Content-type: application/json, ConnectyCube-REST-API-Version: 0.1.1, CB-SDK: Flutter 2.11.2, CB-Token: }
BODY
{"application_id":"476","auth_key":"PDZjPBzAO8WPfCp","nonce":"911182476","timestamp":"1708958827","signature":"bd31b16e034197c187ac9ade6f4df65513f744d1","user":{"login":"flutter_sdk_tests_user","password":"flutter_sdk_tests_user"}}
CB-SDK: : *********************************************************
*** RESPONSE *** 201 *** 20db44b9-a879-4dcd-af97-80227f2a3056 ***
HEADERS
{cb-token-expirationdate: 2024-02-26 16:47:08 UTC, connection: keep-alive, date: Mon, 26 Feb 2024 14:47:08 GMT, strict-transport-security: max-age=15768000; includeSubDomains, content-length: 674, access-control-expose-headers: CB-Token-ExpirationDate, Date, content-type: application/json; charset=utf-8, server: nginx/1.25.0}
BODY
{"session":{"created_at":"2024-02-26T14:47:08.627Z","updated_at":"2024-02-26T14:47:08.627Z","application_id":476,"token":"3C50709786E66B78C618850B6E7D00B359B9","nonce":911182476,"ts":1708958827,"user_id":2325293,"id":2325293,"user":{"_id":"60926149f8550e007e061943","id":2325293,"created_at":"2020-10-28T13:29:49Z","updated_at":"2024-01-02T10:43:52Z","last_request_at":"2024-01-02T10:43:52Z","timezone":null,"login":"flutter_sdk_tests_user","email":null,"full_name":"Flutter SDK Tests User","phone":null,"website":null,"twitter_id":null,"external_user_id":null,"facebook_id":null,"custom_data":null,"user_tags":"tag1,tag2","avatar":null,"external_id":null,"is_guest":null}}} |
|
@eznix86 could you please share the |
|
Hey,
I am back. Finally, You are right, the issue was with the http_build_query
which was doing some special encoding.
…On Mon, Feb 26, 2024 at 7:09 PM TatankaConCube ***@***.***> wrote:
@eznix86 <https://github.com/eznix86> could you please share the request
value before the return hash_hmac('sha1', $request,
config("services.connectycube.secret")); I suppos the function
http_build_query adds some symbols to the string instead of '[' and ']'.
Try to use the example I shared before
—
Reply to this email directly, view it on GitHub
<#323 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGKSW2RBI6YRDB4UYSVMLALYVSQSRAVCNFSM6AAAAABBH3SLIOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRUGM3TCMBXGA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***
com>
|
|
As for the reference, this is a working create session with user example in JS https://github.com/ConnectyCube/create-session-example/tree/main/create-session-example-js |
I am currently facing an issue when attempting to create a
user session tokenusing the ConnectyCube REST API. The server consistently returns an "unexpected signature" error, despite the fact that the signature generation appears to work correctly for other actions, such as creating anapp session token.Here's the method I use to generate the signature:
The signature generation seems correct, as evidenced by the successful creation of an app session token:
However, the same signature, when used to create a user session token, leads to the server responding with an "unexpected signature" error:
I would expect the user session token creation to be successful, similar to the app session token creation. However, the server consistently returns an "unexpected signature" error for user session token creation.
The text was updated successfully, but these errors were encountered: