Error when posting to comments API

[albertleao]

When posting to 'media/'.$post_id.'/comments' I get the following error:

Type: Larabros\Elogram\Exceptions\OAuthForbiddenException

Message: Invalid signed-request: Signature does not match

I have attempted making the call using:

$instagram->secureRequests();
$instagram->comments()->create($post_id, $this->input->post('text'));

or

$instagram->secureRequests();
$function = 'POST';
$endpoint = 'media/'.$post_id.'/comments';
$params = ['form_params' => $params];
$instagram->request($function, $endpoint, $params);

All my GET requests are working fine. I also make a POST request to likes and that is working correctly.

[hassankhan]

Perhaps it's a silly question, but are Signed Requests definitely enabled from the dashboard?

[albertleao]

Yes. I have both 'Disable implicit OAuth' and 'Enforce signed requests' checked on my dashboard.

I'm currently able to delete comments, like and unlike posts without any issues. The only api endpoint that seems to not work is posting to comments.

[hassankhan]

Ah okay, that's weird, I really haven't had time to investigate and I've got a lot on work-wise, I'll try and have a look soon

[albertleao]

I understand. Do you think you could point me in the right direction of where the root cause may be? I can try to take a look myself.

[hassankhan]

Thanks so much, the classes I'd specifically check are Http/Middleware/SecureRequestMiddleware and Repositories/CommentsRepository. IIRC I did write some tests for the secure request signature generation using the Instagram documentation, so I would have thought that it was all okay.

One theory I just came up with is that possibly the signature generation requires hashing the request body in some way that I may have forgotten to do, so hopefully that might help.

I'd like to think the codebase is somewhat coherent at a glance, so I hope you won't have too much trouble finding what's what 😄

[albertleao]

Looks like you were right. The params sent to the generateSig function are missing the request params

I'll give it a shot at fixing and let you know

[hassankhan]

That would be lovely, if you could throw in a test case that would be supremely helpful as well 👍

[albertleao]

Looked into it. Wasn't sure how to do it following exactly what you're doing. Would you create a interface for post params to pass into the generateSig() function?

All that needs to be done is pass the post parameters to the array $params argument.

[hassankhan]

The POST parameters can be retrieved through $request, unless I'm missing something? Might be worth doing a check to see if the request is GET or POST, and then either doing $request-> getQueryParams() or whatever it is to get POST params.

[albertleao]

Hmm.

We need the parameters passed through to the function. There may be other things in the Request that we don't need. The getQueryParams in the UrlParserTrait will only get the access token. We would need to pass the parameters from the request call to the Client class

$client->request('POST', "media/{$media_id}/comments, ['text' => $my_text]);

The text needs to be added to the

foreach ($params as $key => $val) { $sig .= "|$key=$val"; }

in the generateSig() function in the SecureRequestMiddleware

[albertleao]

I haven't worked much with Middleware so am unsure of how to get the $options in a call such as

$client->request('GET', $endpoint, $options)

to reach the SecureRequestMiddleware generateSig() function.