Yahoo OAuth oauth_problem = signature_invalid 401 error message

I just got the following error message when trying to use the current Yahoo OAuth authentication system to connect to Yahoo Mail:

WARNING: Authentication error: Unable to respond to any of these challenges: 
{oauth=WWW-Authenticate: OAuth oauth_problem=signature_invalid}
dispatch.StatusCode: Unexpected response code: 401

To keep this post short, I'll just say that I was able to fix the error by switching from the "plaintext" signature method to "HMAC-SHA1". I suspect the plaintext method doesn't work properly, but I don't know that for sure.

Solving the Yahoo oauth_problem=signature_invalid error message

I was trying to connect to the Yahoo OAuth system using the Scala Dispatch OAuth library, and was using the plaintext signature method. After trying a zillion variations of my code, and following Yahoo's advice to add "%26" to the end of the oauth_signature, I finally dug into Yahoo's PHP example. Looking at it, I saw that they were using HMAC-SHA1, and by this time I was sure that was the only difference between our code.

In their file named ListFolders.php, I echo'd out the URL they were generating, adding the echo statements after the $url was created, as shown here:

//For HMAC-SHA1 signature
$url = $request->to_url()."&oauth_signature=".urlencode($signature->build_signature( 
       $request, new OAuthConsumer('', $OAuthConsumerSecret), NULL));

echo "***** URL *****";
echo $url;
echo "";

That first $url statement begins on line 32 of their current ListFolders.php file. To solve the problem, I copied the URL they generated, pasted it directly into my Dispatch code, and right away my Scala Yahoo OAuth code began working properly.

Except for changing my key and secret, here's what my working Scala Dispatch Yahoo OAuth code ended up looking like:

import dispatch._
import oauth._
import OAuth._
import scala.xml._

// 1a - got this url from the yahoo php sample app
val request = url("

// 2
val handler = request >>> System.out

// 3

As you can see from that code, the secret to solving the problem is all in the "GET" URL that you create, and the use of HMAC-SHA1. To be clear, my previous URLs all looked a little something like this, but I was using the plaintext method and the consumer key and consumer secret that Yahoo generated for me. When I used their PHP sample code to generated the oauth_signature, their code changed the consumer secret using HMAC-SHA1, and this new URL worked properly. As a result, given all the variations I tried, I suspect that their plaintext system does not work, at least not at the time of this writing (January 10, 2012).