Hi,

I am sending a request to Quickbooks API [1] with an OAuth 1.0
Authentication header as specified at [2]. I am using the
SignPost library at [3] to create an OAuth authentication header using the
following code:

            final String consumerKey = messageContext.getProperty("uri.var.consumerKey").toString();
            final String consumerSecret = messageContext.getProperty("uri.var.consumerSecret").toString();
            final String accessToken = messageContext.getProperty("uri.var.accessToken").toString();
            final String accessTokenSecret = messageContext.getProperty("uri.var.accessTokenSecret").toString();

            final QuickBooksHttpRequest request = new QuickBooksHttpRequest();
            request.setRequestUrl(requestUrl);
            request.setMethod(requestMethod);

            // Generate the Authorization and get response through signpost.
            final OAuthConsumer consumer = new DefaultOAuthConsumer(consumerKey, consumerSecret);
            consumer.setTokenWithSecret(accessToken, accessTokenSecret);
            consumer.setSigningStrategy(new AuthorizationHeaderSigningStrategy());
            final HttpRequest signedRequest = consumer.sign(request);
            messageContext.setProperty("auth", response.getHeader(OAuth.HTTP_AUTHORIZATION_HEADER));

I am using the following template to make the call to Quickbooks:
        <sequence>

                <property name="uri.var.queryString" expression="$func:queryString" />
                <property name="uri.var.uriRemainder"
                          expression="fn:concat('/company/',get-property('uri.var.companyId'),'/query')" />
                <property name="uri.var.params"
                          expression="fn:concat('query=',get-property('uri.var.queryString'))" />

                <class name="org.wso2.carbon.connector.quickbooks.auth.QuickBooksOAuthSignpost" />

                <filter xpath="(string(get-property('auth'))) and get-property('auth') != ''">
                        <then>
                                <property name="Authorization" expression="get-property('auth')"
                                          scope="transport" type="STRING" />
                        </then>
                </filter>

                <call>
                        <endpoint>
                                <http method="get"
                                      uri-template="https://qb.sbfinance.intuit.com/v3/company/1207487340/query?{uri.var.params}" />
                        </endpoint>
                </call>

                <header name="intuit_tid" scope="transport" action="remove" />
                <header name="QBO-Version" scope="transport" action="remove" />
                <header name="Vary" scope="transport" action="remove" />
                <header name="Via" scope="transport" action="remove" />

        </sequence>

However, this returns an Authorization Failed (401) error.

I also created a direct connection with the same header within the class
mediator as follows:
            final HttpsURLConnection requestDirect = (HttpsURLConnection) new URL(requestUrl).openConnection();
            requestDirect.setRequestMethod(requestMethod);
            requestDirect.setRequestProperty(OAuth.HTTP_AUTHORIZATION_HEADER,
                    response.getHeader(OAuth.HTTP_AUTHORIZATION_HEADER));
            requestDirect.setRequestProperty("Content-Type", "application/xml");
            requestDirect.setRequestProperty("Accept", "application/xml");
            requestDirect.connect();

This request generates the correct output. I sent both requests through the
Membrane monitor and it showed the following request when sent through the
*Call Mediator*:

GET /v3/company/1207487340/query?query=select*from%20Bill HTTP/1.1
Authorization: OAuth oauth_consumer_key="lvprdHlLSmf3OtHNZ4EXtSKkhyyALV",
oauth_nonce="-2078842305459898931",
oauth_signature="A6UC8durYm0y7xBut46fYow6Fgo%3D",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1401087958",
oauth_token="lvprd7Hacq2iK7mwGXOOTHMnmn0CAEOmH0eFv1OypRQpZje5",
oauth_version="1.0"
Accept-Encoding: gzip,deflate
Content-Type: application/xml
Accept: application/xml
Host: qb.sbfinance.intuit.com:80
Connection: Keep-Alive
User-Agent: Synapse-PT-HttpComponents-NIO

When sending a direct call through the *Class Mediator* (which worked), the
following request was observed:
GET /v3/company/1207487340/query?query=select*from%20Bill HTTP/1.1
Authorization: OAuth oauth_consumer_key="lvprdHlLSmf3OtHNZ4EXtSKkhyyALV",
oauth_nonce="-2078842305459898931",
oauth_signature="A6UC8durYm0y7xBut46fYow6Fgo%3D",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1401087958",
oauth_token="lvprd7Hacq2iK7mwGXOOTHMnmn0CAEOmH0eFv1OypRQpZje5",
oauth_version="1.0"
User-Agent: Java/1.7.0_09
Host: qb.sbfinance.intuit.com:80
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

It is evident that both requests are essentially identical (I checked on
Meld as well). Taking the above Authorization header and using it with the
same request on SOAP-UI (as a REST client) also yielded the correct result. 

Is there some special feature of the ESB that could be causing this problem? 


Thanks.

[1] https://developer.intuit.com/docs/0025_quickbooksapi
[2] http://goo.gl/NxkQ6V
[3] http://code.google.com/p/oauth-signpost/
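
Added example, not part of the original post and not WSO2, SignPost or Intuit code: an OAuth 1.0 HMAC-SHA1 signature (RFC 5849) covers only the method, the base URI and the request parameters, so a captured request can be checked offline by recomputing it. The sketch also applies the one-use nonce rule of RFC 5849 section 3.3; the credentials, URL and function names are constructed for this example.

```python
import base64, hashlib, hmac, re
from urllib.parse import quote, unquote, unquote_plus, urlsplit

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay literal
    return quote(s, safe="-._~")

def parse_oauth_header(value):
    # 'OAuth k="v", ...' -> dict of percent-decoded protocol parameters
    return {k: unquote(v) for k, v in re.findall(r'(\w+)="([^"]*)"', value)}

def base_string(method, url, oauth):
    u = urlsplit(url)
    scheme, host = u.scheme.lower(), u.hostname.lower()
    if u.port and u.port != {"http": 80, "https": 443}.get(scheme):
        host += f":{u.port}"  # default ports are left out of the base URI
    params = [(k, v) for k, v in oauth.items() if k not in ("oauth_signature", "realm")]
    for pair in filter(None, u.query.split("&")):
        k, _, v = pair.partition("=")
        params.append((unquote_plus(k), unquote_plus(v)))  # decode, then re-encode
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in params))
    return "&".join([method.upper(), pct(f"{scheme}://{host}{u.path}"), pct(normalized)])

def sign(method, url, oauth, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, oauth).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, header, consumer_secret, token_secret):
    oauth = parse_oauth_header(header)
    expected = sign(method, url, oauth, consumer_secret, token_secret)
    return hmac.compare_digest(oauth.get("oauth_signature", "").encode(), expected.encode())

def is_replay(seen, header):
    # Section 3.3: a nonce is valid once per timestamp, client and token
    o = parse_oauth_header(header)
    key = tuple(o.get("oauth_" + n) for n in ("consumer_key", "token", "timestamp", "nonce"))
    replayed = key in seen
    seen.add(key)
    return replayed

# Constructed credentials and request; none of these values come from the post.
CS, TS = "demo-consumer-secret", "demo-token-secret"
URL = "https://api.example.test/v3/company/123/query?query=select*from%20Bill"
OAUTH = {"oauth_consumer_key": "demo-key", "oauth_token": "demo-token",
         "oauth_nonce": "n-1", "oauth_timestamp": "1700000000",
         "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0"}
OAUTH["oauth_signature"] = sign("GET", URL, OAUTH, CS, TS)
HEADER = "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(OAUTH.items()))
```

`verify()` still succeeds when an intermediary re-encodes the query (`%2A`, `+`) because parameters are decoded and re-encoded before signing; it fails if the method, path or a parameter value changes. `is_replay()` reports the second presentation of an identical consumer key, token, timestamp and nonce.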


