AccessTokenAuthorizationCodeRequestC "error":"invalid_request" - dotnetopenauth

At the second call to Client.ProcessUserAuthorization(); after I get the code from the oauth server, I get an exception: Error occurred while sending a direct message or getting the response.
Here is the last part from the log file taken with log4net, the full log is recorded in this gist: https://gist.github.com/tonyeung/5513769
2013-05-03 15:14:41,292 (GMT-5) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Sending AccessTokenAuthorizationCodeRequestC request.
2013-05-03 15:14:41,393 (GMT-5) [10] DEBUG DotNetOpenAuth.Http - HTTP POST http://localhost:38828/OAuth/Token
2013-05-03 15:14:41,450 (GMT-5) [10] ERROR DotNetOpenAuth.Http - http://localhost:38828/OAuth/Token returned 400 BadRequest: Bad Request
2013-05-03 15:14:41,450 (GMT-5) [10] DEBUG DotNetOpenAuth.Http - WebException from http://localhost:38828/OAuth/Token:
{"error":"invalid_request"}
I've uploaded the solution to https://github.com/tonyeung/dotnetopenauth
The entry point is in the about action on the home controller of the Client project.
The solution is in VS2012, the latest nuget dnoa package. Nuget restore is on.
Please note that I'm implementing pieces as I need them in order to understand how the library works. I'm sure that this error is due to a missing implementation somewhere, but I'm not sure what it is?

So it looks like I was missing implementations for IsAuthorizationValid and CreateAccessToken in the Authorization Server. Please check the GitHub repository for the stubs I put in that make the error go away.
EDIT:
There was also a database validation error that I didn't trap. So basically any error on the server side will cause this message it looks like.
EDIT2:
There was also an issue where if the url of the page contains any non url encoded values it will throw an invalid request. In my case, my login page had a querystring parameter of returnUrl, and I had set it to /Home, which it DID NOT like, had to be: %2FHome

Related

com.microsoft.graph.http.GraphServiceException: Error code: SyncStateInvalid

com.microsoft.graph.http.GraphServiceException: Error code: SyncStateInvalid
Error message: The sync state identified using the request token 'HzWyBB6EZsMOpd9NmgmVnqAnVEMAAAQ9rM8FAwAA' is no longer valid.
GET https://graph.microsoft.com/v1.0/users/6be2c2df-8e20-4f99/mailFolders/AQMkADlmY2YxNTY3LWVhNjItNDFhMS1iZDA0LWZ/messages/microsoft.graph.delta?$deltatoken=LztZwWjo5IivWBhyxw5rAHNeTrUj6tmJCwsicW9zTkZhNFWO0u7VKvvdkBxQHWUvDsSPLMpUBSlb3nEcc_qVbTk1hQlWa3MIyqHvnT47wRA.NIA-bd_JnbZrpOuTHnjHoWWo1K5QPy4CLrFTODjYn9c
Prefer : odata.maxpagesize=1
Prefer : IdType="ImmutableId"
SdkVersion : graph-java/v1.6.0
Authorization : Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI[...]
Hi guys, I'm getting the above SyncStateInvalid error, I've done a search, realizing that most people are facing SyncStateNotFound error instead.
Not sure if anyone faces this issue before and knows what is the fix.
I am trying to sync incremental mail messages based on the delta token.
I've tried to paste the same link in graph explorer, and was able to get result.

YouTube API v3.0 CommentsThread.list processing failure issue

When I send a CommentsThread.list request to the YouTube API
I get the following exception "But not for all videos":
Google.GoogleApiException: Google.Apis.Requests.RequestError
The API server failed to successfully process the request.
While this can be a transient error, it usually indicates that the requests input is invalid. Check the structure of the commentThread resource in the request body to ensure that it is valid. [400].
And for those videos I double checked the inputs sent with the request and I
make the request with the same data directly from the YouTube API requests trial section but everything goes right!
I want to know why this request becomes valid on some video IDs but invalid on the others?
I'll appreciate any help.
Here is the full written log: System.AggregateException: One or more errors occurred. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError
The API server failed to successfully process the request. While this can be a transient error, it usually indicates that the requests input is invalid. Check the structure of the commentThread resource in the request body to ensure that it is valid. [400]
Errors [
Message[The API server failed to successfully process the request. While this can be a transient error, it usually indicates that the requests input is invalid. Check the structure of the commentThread resource in the request body to ensure that it is valid.] Location[body - other] Reason[processingFailure] Domain[youtube.commentThread]
]
at Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at Microsoft.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccess(Task task)
at Google.Apis.Requests.ClientServiceRequest`1.d__0.MoveNext() in c:\ApiaryDotnet\default\Src\GoogleApis\Apis\Requests\ClientServiceRequest.cs:line 0
--- End of inner exception stack trace ---
CommentThreads.list API doesn't need a request body as indicated in the API reference
Request body
Do not provide a request body when calling this method.
This may have caused the RequestError on your call. Try to remove any objects passed when calling this API, hopefully this would fix the issue.

Amazon MWS Products API returns 401 error "Access denied"

I'm hopelessly stuck on trying to call Amazon MWS Products API. Particularly I'm trying to request this function
It requires building a pretty complicated request with a signature:
POST /Products/2011-10-01 HTTP/1.1
Content-Type: x-www-form-urlencoded
Host: mws.amazonservices.com
User-Agent: <Your User Agent Header>
AWSAccessKeyId=AKIAEXAMPLEFWR4TJ7ZQ
&Action=ListMatchingProducts
&MWSAuthToken=amzn.mws.4ea38b7b-f563-7709-4bae-87aeaEXAMPLE
&MarketplaceId=ATVPDKIKX0DER
&Query=0439708184
&SellerId=A1IMEXAMPLEWRC
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2012-12-12T22%3A23%3A50Z
&Version=2011-10-01
&Signature=V%2BEXAMPLERT%2Baj%2Fxwqo7y3PIifMFHeqFlNYW0EXAMPLEA%3D
I build this query with the help of this little library:
So my final url string looks like this:
https://mws.amazonservices.com/Products/2011-10-01?AWSAccessKeyId=<MY_ACCESS_KEY>&Action=ListMatchingProducts&MarketplaceId=A1PA6795UKMFR9&Query=0439708184&SellerId=<SELLER_ID>&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2016-04-19T16%3A50%3A13Z&Version=2011-10-01&Signature=mZt3OhM14gwLdsQ%2Bhxz5UFMzr7m2U36DvZ7RG3dcsTI%3D
And it seems that the url string is built correctly. I think so because if a parameter is missing or incorrect the API returns 400 error with explanation that this parameter is invalid. The same applies for the signature. If signature is incorrect the API returns error which clearly states that the signature is invalid. So, again, I think that the url must be ok. However the API returns 401 error and a html page which looks like this:
<?xml version="1.0"?>
<ErrorResponse xmlns="http://mws.amazonservices.com/schema/Products/2011-10-01">
<Error>
<Type>Sender</Type>
<Code>AccessDenied</Code>
<Message>Access denied</Message>
</Error>
<RequestID>7b12e3c8-7b1a-4b6e-b7ba-15ec8c4e0968</RequestID>
</ErrorResponse>
Access denied. And I have no idea why. I've spent several hours already trying to figure out what's wrong. Can anyone help me?
The reason for the problem was that I was calling the American URL https://mws.amazonservices.com instead of the European one https://mws-eu.amazonservices.com. It would be really nice if Amazon's response gave more context about the error than simply Access denied.
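An added example (not code from the original post, its library, or Amazon): a SignatureVersion 2 / HmacSHA256 signer that refuses to sign when the host does not serve the request's MarketplaceId. The host is part of the signed string, so a request signed for and sent to the wrong regional endpoint still carries a valid signature and is rejected only at authorization. The two-entry endpoint table, the secret and the sample parameter values are assumptions constructed from the IDs and hosts shown above.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Marketplace IDs and hosts as they appear in the question and answer above.
ENDPOINT_FOR_MARKETPLACE = {
    "ATVPDKIKX0DER": "mws.amazonservices.com",      # US
    "A1PA6795UKMFR9": "mws-eu.amazonservices.com",  # EU (Germany)
}
PATH = "/Products/2011-10-01"
# Constructed sample request; key and seller values are placeholders.
SAMPLE_PARAMS = {
    "AWSAccessKeyId": "AKIAEXAMPLEFWR4TJ7ZQ",
    "Action": "ListMatchingProducts",
    "MarketplaceId": "A1PA6795UKMFR9",
    "Query": "0439708184",
    "SellerId": "A1IMEXAMPLEWRC",
    "SignatureMethod": "HmacSHA256",
    "SignatureVersion": "2",
    "Timestamp": "2016-04-19T16:50:13Z",
    "Version": "2011-10-01",
}

def canonical_query(params):
    """Sort by name (byte order) and percent-encode everything except A-Z a-z 0-9 - _ . ~"""
    return "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(params.items())
    )

def sign_v2(secret_key, host, path, params):
    """Signature over verb, lowercase host, path and canonical query, base64-encoded."""
    string_to_sign = "\n".join(["POST", host.lower(), path, canonical_query(params)])
    mac = hmac.new(secret_key.encode(), string_to_sign.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def build_request(secret_key, host, path, params):
    """Return the signed URL, or raise if the host is the wrong region for the marketplace."""
    expected = ENDPOINT_FOR_MARKETPLACE.get(params["MarketplaceId"])
    if expected is None:
        raise ValueError("unknown MarketplaceId; extend ENDPOINT_FOR_MARKETPLACE")
    if host.lower() != expected:
        raise ValueError(
            f"MarketplaceId {params['MarketplaceId']} is served by {expected}, not {host}"
        )
    signed = dict(params, Signature=sign_v2(secret_key, host, path, params))
    return f"https://{host}{path}?{canonical_query(signed)}"
```

Calling `build_request` with the US host and the `A1PA6795UKMFR9` marketplace from the question raises before any network call, which surfaces the mistake the bare "Access denied" response hid.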

Newbie OAuth issue: Error when trying to use the PHPoAuthLib OAuth lib

I've got an issue using this OAuth lib when connecting with twitter:
https://github.com/Lusitanian/PHPoAuthLib
I'm using the following url to connect:
http://www.myserver.com/oauth/examples/twitter.php?go=go
I'm getting the following error:
Fatal error: Uncaught exception 'OAuth\Common\Http\Exception\TokenResponseException' with message 'file_get_contents(https://api.twitter.com/oauth/request_token): failed to open stream: HTTP request failed! HTTP/1.1 401 Unauthorized ' in /webDeploy/V2/sites/wandexBB/oauth/src/OAuth/Common/Http/Client/StreamClient.php:75 Stack trace: #0 /webDeploy/V2/sites/wandexBB/oauth/src/OAuth/OAuth1/Service/AbstractService.php(52): OAuth\Common\Http\Client\StreamClient->retrieveResponse(Object(OAuth\Common\Http\Uri\Uri), Array, Array) #1 /webDeploy/V2/sites/wandexBB/oauth/examples/twitter.php(59): OAuth\OAuth1\Service\AbstractService->requestRequestToken() #2 {main} thrown in /webDeploy/V2/sites/wandexBB/oauth/src/OAuth/Common/Http/Client/StreamClient.php on line 75
It looks like the request body is empty.
I see in the code the following params are being used:
$_GET['oauth_token'],
$_GET['oauth_verifier'],
What are these params? I see in my twitter account I have various tokens available after I created my app on twitter, is it something to do with that?
I'm lost :/ This could be the wrong approach altogether.
Can anyone help with this?
Thanks in advance.
This lib seems to have a bug relating to the twitter implementation. Now using a different lib and got that going much more easily:
https://github.com/sudocode/ohmy-auth

Thinktecture.Identity SAML token unauthorized

I am using the Thinktecture.IdentityModel 4.0 samples for WebApiSecurity. I've modified the AdfsSamlClient to use our ADFS Server. I am able to get a SAML token from our ADFS Server using
var channel = factory.CreateChannel();
var token = channel.Issue(rst) as GenericXmlSecurityToken;
Then I try to make the service call
var client = new HttpClient { BaseAddress = _baseAddress };
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("AdfsSaml", saml);
var response = client.GetAsync("identity").Result;
And get a 401 - Not Authorized call.
I am not sure how to debug this. I have tracing for Microsoft.IdentityModel, but it is only information level trace, no errors or warnings, and nothing I am able to use to debug.
The interesting part of the service trace:
1.
Description OnEndRequest is redirection to IdentityProvider '/WebHost/api/identity'
2.
Description CreateSignInRequest
BaseUri https://[ADFS...]/adfs/ls/
wa wsignin1.0
wtrealm https://[WorkStation...]/WebHost/
wctx rm=0&id=passive&ru=%2fWebHost%2fapi%2fidentity
3.
Description Redirecting to IdentityProvider: 'https://[ADFS...]/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2f[WorkStation...]%2fWebHost%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252fWebHost%252fapi%252fidentity&wct=2013-09-30T17%3a35%3a04Z'
Thanks for any insight.
Main thing that springs to mind is to make sure the server knows how to handle the "AdfsSaml" scheme that you're using, so you'll want to make sure that your mapping is correct to your token handler.
One thing I tried was to create my own token handler, and mapped that as the token handler for the header. If you want, you can start with Thinktecture's own HttpSamlSecurityTokenHandler, and debug your way through that. Obviously, if it never hits it, then you've got a mapping issue somewhere.
I also found that if an exception was thrown in the ClaimsAuthenticationManager, it would report as unauthorized - even though the exception being thrown was something completely unrelated (in my case, an InvalidCastException). That stumped me for a while, because I hadn't realised that authentication had gotten so far down the pipeline and that validation of the token had actually been successful - I was just checking the HTTP response, which kept saying unauthorised - so make sure you're not being misled by anything trivial like that.
