I'm using OAuth for rails and when I'm trying to POST a contact to xero, this happens:
Xeroizer::OAuth::UnknownError in XeroController#sample
signature_invalid:Failed to validate signature
This could be relevant: http://answers.xero.com/developer/question/25801/. The OAuth library used by Xero isn't correctly validating oauth signatures when querystring parameters start with uppercase letters.
Related
I am trying to GET an issue in Jira using POSTMAN. I have selected Type as OAuth 1.0. For that it is asking me some fields mentioned below. I have generated Token and Token Secret which I am passing to it. I have also configured my generic application to Jira in Application links. I am not aware of what to be passed in Consumer Secret and Signature Method (what should be the signature method). I am currently selecting HMAC-SHA1. For rest of the fields it is generating values based on the parameters passed above.
Consumer Key : hardcoded-consumer
Consumer Secret : ?? (What should I pass here)
Token : ojn33TZALMlvp5eCa6HeErDSx9K8LL6A
Token Secret : inHfn2QFJkkYkWQ8FxT9mXkdcoNxYPf5
Signature Method : HMAC-SHA1
Timestamp : 1474290363 (Generated value)
Nonce : x1hs2v (Generated value)
Version : 1.0 (Generated value)
Realm : (It is optional)
After hitting my jira Url it is giving me oauth_problem=token_rejected error. Can anyone tell me where I am making the mistake?
Here is the Jira URL which I am hitting :
http://bmh1060149:8080/rest/api/2/issue/NWFM-1 (NWFM-1 is the Jira issue)
Please find the below screen shot for more reference.
After little bit of research I found the answer. Once we get the access token we can directly pass that to your Jira Url. There is no need to pass all those parameters.
To get all issue types we can use the following URL and passing access token as an argument.
http://bmh1060149:8080/rest/api/2/issuetype?access_token=euyyIxB6q5waBHeZ9zB7kGV21GRNNOud
Please see the attached screen shot for more reference.
I'm using Nest as an Authentication Provider for Salesforce, with the intention of calling the Nest API from Force.com. The problem I have is that Nest corrupts the state parameter during the OAuth 2.0 flow.
This is the redirect from Salesforce to Nest. I've inserted line breaks for clarity:
https://home.nest.com/login/oauth2?
response_type=code&
client_id=16188153-52f1-4ac9-93ee-83ccab5cbd2f&
redirect_uri=https%3A%2F%2Flogin.salesforce.com%2Fservices%2Fauthcallback%2F00DE0000000cjOBMAY%2FNest&
state=jMG%2F2bzDEPisWyKsH7yVPHCrHdHxRAzYhG3Aq7VBF%2FrBLmW49eGj3DEzCLg0aGIvbOadXUxf1pwiDIPupqOMTZ%2BQbuThvTf58y2zXHwDNcoAvg%3D%3D
Note the 'percent encoding' in the state parameter
This is the redirect back to Salesforce:
https://login.salesforce.com/services/authcallback/00DE0000000cjOBMAY/Nest?
state=jMG/2bzDEPisWyKsH7yVPHCrHdHxRAzYhG3Aq7VBF/rBLmW49eGj3DEzCLg0aGIvbOadXUxf1pwiDIPupqOMTZ+QbuThvTf58y2zXHwDNcoAvg==&
code=UCMG2TEF9S69CQX2
Notice, state is no longer URL encoded. And, in particular, since it contains a + character, when Salesforce decodes it, that + is interpreted as a space, and the state doesn't match what Salesforce sent, so authentication fails.
Nest - please fix this!
We're making requests for bearer tokens using client_credentials OAuth 2 grant flow with Apigee. According to the spec:
4.4.2. Access Token Request
The client makes a request to the token endpoint by adding the
following parameters using the "application/x-www-form-urlencoded"
format per Appendix B with a character encoding of UTF-8 in the HTTP
request entity-body:
grant_type
REQUIRED. Value MUST be set to "client_credentials".
If we make a call however we get an error like this:
{"ErrorCode" : "invalid_request", "Error" :"Required param : grant_type"}
It seems that using Apigee we have to send grant_type as a query parameter.
Why is this? We have clients of Apigee that are unable to use OAuth libraries in their language of choice because of the way that Apigee deals with OAuth 2, and it would be good to know if there is by-design or not.
In addition it doesn't seem like it supports grant_type in the post body and sending id and key using basic auth.
Turns out you do not need to send in grant_type as a query parameter. There is a <GrantType> element in your GenerateAccessToken policy that takes in a variable. For instance, I can use the following:
<OAuthV2 name="GenerateAccessToken">
<DisplayName>GenerateAccessToken</DisplayName>
<FaultRules/>
<Properties/>
<!-- This policy generates an OAuth 2.0 access token using the password grant type -->
<Operation>GenerateAccessToken</Operation>
<!-- This is in millseconds -->
<ExpiresIn>1800000</ExpiresIn>
<Attributes/>
<SupportedGrantTypes>
<GrantType>password</GrantType>
</SupportedGrantTypes>
<GenerateResponse enabled="false">
<Format>FORM_PARAM</Format>
</GenerateResponse>
<GrantType>user.grant_type</GrantType>
<UserName>request.header.username</UserName>
<PassWord>request.header.password</PassWord>
</OAuthV2>
In this example, the grant_type is passed in as user.grant_type. But user.grant_type can be anything-- header, query param, form param, or even a hard-coded value. This way, you (the developer) are provided maximum flexibility on how you want to send in the grant_type.
Can you paste the exact API call that you are making (obviously you should obfuscate the key and secret)?
I'd like to understand what you say when you say "Apigee" -- it could mean API BAAS (https://api.usergrid.com) or a proxy that you defined using API services and attached an OAuth 2 policy to, or something else?
I want to get oAuth nonce for https://api.twitter.com/1.1/followers/list.json how can i get whether in php or iOS API
If the question is "How can I generate an OAuth nonce in Objective-C?", then you should start from OAuth specification section 3.3. Nonce and Timestamp.
For an Objective-C implementation, you can have a look at STTwitter's code for generating nonces.
Basically, you can create a random string with the CFUUIDCreateString(). Taking the first 32 characters is enough.
I'm successfully able to get an access token through the OAuth process.
However, when I try to run a POST to the /statuses/update.json endpoint, I get a "Could not authenticate with OAuth."
I'm signing with the token I got back from authenticating with my consumer secret, I don't understand what else could be.
Twitter forums were no help either.
Any tips would be greatly appreciated.
Making authenticated calls to Twitter can be a pain.
Make sure that the parameters in your signature base string are ordered alphabetically.
Take this:
oauth_consumer_key={consumerkey}&oauth_nonce={nonce}&oauth_signature_method=HMAC-SHA1&oauth_timestamp={timestamp}&oauth_token={token}&oauth_version=1.0&status={tweet text}
fill out the values, encode it in Base64, and then put it together like this:
POST&{base64 encoded url}&{base64 encoded base string}
this will be the string you need to sign (without the brackets). (The url in this case will be https://api.twitter.com/1.1/statuses/update.json)
The signing key needs to be built like this:
{consumer secret}&{token secret}
The signature is a HMACSHA1 hash, which is then base64 encoded.
Then you need to put this in the Authorization header:
OAuth oauth_consumer_key="{consumer key}",oauth_nonce="{nonce}",oauth_signature="{signature}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{timestamp}",oauth_token="{token}",oauth_version="1.0"
And finally put status=your tweet text as the posted data in your request.
I hope this helps.