I didn't notice this thread until just now. Doing OAuth and similar things is not easy.
There is Zinc-SSO https://github.com/svenvc/docs/blob/master/zinc/zinc-sso-paper.md http://sso.stfx.eu/sso-demo You might also learn something from #testGetAfterPost HTH, Sven On 25 Jun 2014, at 20:41, Paul DeBruicker <[email protected]> wrote: > Hey Tim, > > > Your emails aren't getting posted to the users list, only the nabble forum. > Are you a subscriber? If not you should sign up as described here: > http://forum.world.st/mailing_list/MailingListOptions.jtp?forum=1310670 > > > > I know Sven (the Zinc package author) may have other or better ideas for how > to approach what you're attempting. There is also some oAuth stuff in this > repo: > > http://smalltalkhub.com/#!/~JanVanDeSandt/Cloudfork > > > Good luck. > > Paul. > > > > > > > Tim Mackinnon wrote >> That Charles app is pretty darn good - I can see some differences between >> a browser and Zn. >> >> The encoding of submitted form values is different (the browser seems to >> encode a / as %2F when it submits a field value?), there are also some >> cookies missing. >> >> Will check these difference out. >> >> Tim >> >> On 25 Jun 2014, at 15:35, Tim Mackinnon < > >> tamackinnon@ > >> > wrote: >> >>> Hey Paul - I was following: >>> https://trello.com/docs/gettingstarted/index.html#token - where it shows >>> how to manually get a token. When you do an initial request like: >>> https://trello.com/1/authorize?key=substitutewithyourapplicationkey&name=My+Application&expiration=30days&response_type=token >>> >>> It takes you to a page in your browser which has some hidden fields, >>> which you can then click on accept and its posts the form to the url >>> (/1/token/approve). You then get a text result showing your token. >>> >>> I thought this would be a simple way to get the credentials - as in just >>> do what the user does manually. However, I guess its not a simple as that >>> - and it may need OAuth, which I can see there are some Pharo classes >>> Sven did - so maybe I can investigate that (although its getting a bit >>> more complicated than I wanted). >>> >>> Tim >>> >>> p.s. Of course if I get it working, happy to share the secret sauce (I’ve >>> also spotted a few bugs in the new Pharo as well - so I should report >>> those too) >>> >>> On 25 Jun 2014, at 15:14, Paul DeBruicker [via Smalltalk] < > >> [email protected] > >> > wrote: >>> >>>> Where in their docs do you see to use the /1/token/approve endpoint? >>>> >>>> >>>> I didn't see it in this list: >>>> >>>> https://trello.com/docs/api/index.html >>>> >>>> or in the discussion about user tokens >>>> >>>> >>>> >>>> >>>> >>>> also - when you get this working you'll post a MIT licensed version for >>>> everyone to use right? ;) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> Tim Mackinnon wrote >>>> Hi Paul - yes that ZnEasy call works fine - in my case I am trying to >>>> read some data from Trello.com and so you do an initial request with an >>>> application key and then you authorise an operation with some parameters >>>> to get back a token to use for private requests. >>>> >>>> The sequence I am using is this: >>>> >>>> | znc resp soup key sig | >>>> >>>> (znc := ZnClient new) logToTranscript. >>>> >>>> resp := znc >>>> url: 'https://trello.com/1/authorize'; >>>> queryAt: 'scope' put: 'read'; >>>> queryAt: 'expiration' put: '1day'; >>>> queryAt: 'name' put: 'Pharo App'; >>>> queryAt: 'response_type' put: 'token'; >>>> queryAt: ‘key' put: 'xxxxxxx1d588819825d57da6dad4dd'; >>>> get; >>>> response. >>>> >>>> soup := (Soup fromString: resp entity). >>>> key := soup findTag: [ :e | (e name = 'input') and: [ (e attributeAt: >>>> 'name' ifAbsent: ['']) = 'requestKey' ]]. >>>> sig := soup findTag: [ :e | (e name = 'input') and: [ (e attributeAt: >>>> 'name' ifAbsent: ['']) = 'signature' ]]. >>>> >>>> Transcript cr; cr; show: (key attributeAt: 'value'); cr; show: (sig >>>> attributeAt: 'value'); cr; cr. >>>> >>>> resp := znc >>>> resetEntity; >>>> url: '/1/token/approve'; >>>> formAt: 'approve' put: 'Allow'; >>>> formAt: 'requestKey' put: (key attributeAt: 'value'); >>>> formAt: 'signature' put: (sig attributeAt: 'value'); >>>> post; >>>> response. >>>> >>>> >>>> If I look at the logging in the transcript - the first part works fine: >>>> >>>> 2014-06-25 14:50:37 042813 I Wrote a ZnRequest(GET >>>> /1/authorize?response_type=token&key=xxxxxxxxxx1d588819825d57da6dad4dd&scope=read&name=Pharo%20App&expiration=1day) >>>> >>>> 2014-06-25 14:50:37 042813 D Sent headers >>>> Accept: */* >>>> User-Agent: Zinc HTTP Components 1.0 >>>> Host: trello.com >>>> >>>> 2014-06-25 14:50:37 042813 I Read a ZnResponse(200 OK >>>> text/html;charset=utf-8 2199B) >>>> ….. >>>> >>>> Its the next bit of the log which is doing something weird - and showing >>>> a resource moved - so I wonder if the server is expecting something >>>> extra? The transcript is showing I have extracted my key and signature >>>> to populate my form and then I see the 302 status code? >>>> >>>> xxxxxx1bf70c02d829c9541f0c3c >>>> xxxxxx5437639/0f28401bf858e7f623c971a45b77291dc113988782 >>>> >>>> >>>> 2014-06-25 14:50:37 042813 I Wrote a ZnRequest(POST /1/token/approve) >>>> 2014-06-25 14:50:37 042813 D Sent headers >>>> User-Agent: Zinc HTTP Components 1.0 >>>> Content-Length: 146 >>>> Host: trello.com >>>> Content-Type: application/x-www-form-urlencoded >>>> Accept: */* >>>> >>>> 2014-06-25 14:50:37 042813 I Read a ZnResponse(302 Moved Temporarily >>>> text/plain;charset=UTF-8 35B) >>>> 2014-06-25 14:50:37 042813 D Received headers >>>> X-Frame-Options: DENY >>>> Content-Length: 35 >>>> Content-Type: text/plain; charset=UTF-8 >>>> X-Powered-By: Express >>>> X-Content-Type-Options: nosniff >>>> Location: / >>>> Cache-Control: no-store, no-cache >>>> Strict-Transport-Security: max-age=15768000 >>>> Date: Wed, 25 Jun 2014 13:50:37 GMT >>>> X-Xss-Protection: 1; mode=block >>>> Vary: Accept, Accept-Encoding >>>> >>>> 2014-06-25 14:50:37 042813 D Redirecting to https://trello.com:443/ >>>> 2014-06-25 14:50:37 042813 I Wrote a ZnRequest(GET /) >>>> 2014-06-25 14:50:37 042813 D Sent headers >>>> User-Agent: Zinc HTTP Components 1.0 >>>> Host: trello.com >>>> Accept: */* >>>> >>>> 2014-06-25 14:50:38 042813 I Read a ZnResponse(200 OK >>>> text/html;charset=utf-8 147886B) >>>> 2014-06-25 14:50:38 042813 D Received headers >>>> X-Frame-Options: DENY >>>> Content-Length: 147886 >>>> Set-Cookie: sup=1; Path=/; Expires=Thu, 25 Jun 2015 13:50:37 GMT >>>> Content-Type: text/html; charset=utf-8 >>>> X-Powered-By: Express >>>> Etag: "579547792" >>>> X-Content-Type-Options: nosniff >>>> Date: Wed, 25 Jun 2014 13:50:37 GMT >>>> Cache-Control: no-store, no-cache >>>> Strict-Transport-Security: max-age=15768000 >>>> X-Xss-Protection: 1; mode=block >>>> Vary: Accept-Encoding >>>> >>>> 2014-06-25 14:50:38 042813 D Received cookie: sup=1; path=/; >>>> domain=trello.com; expires=Thu, 25 Jun 2015 13:50:37 GMT >>>> 2014-06-25 14:50:38 042813 D Received cookie: sup=1; path=/; >>>> domain=trello.com; expires=Thu, 25 Jun 2015 13:50:37 GMT >>>> 2014-06-25 14:50:38 042813 T GET / 200 147886B 1136ms >>>> >>>> >>>> I think I’m a bit out of my depth on this, so maybe I might have to find >>>> a different way of doing things. >>>> >>>> I appreciate the help. >>>> >>>> Tim >>>> >>>> On 25 Jun 2014, at 14:41, Paul DeBruicker [via Smalltalk] <[hidden >>>> email]> wrote: >>>> >>>>> Are you able to get the contents of >>>>> >>>>> ZnEasy get: 'https://www.google.com' >>>>> >>>>> >>>>> ? >>>>> >>>>> >>>>> >>>>> If so then is not an SSL issue. If not you'll need to use charles >>>> proxy (http://www.charlesproxy.com/) or an equivalent to see the decoded >>>> https requests. Wireshark only has encrypted packets. >>>>> >>>>> >>>>> Are you doing the #resetEntity prior to setting the url or other >>>> parameters when doing your POST? >>>>> >>>>> >>>>> >>>>> Tim Mackinnon wrote >>>>> Actually looking at this a bit more - #resetEntity does do what you >>>> suggest (my mistake) - but I still have some problem, possibly related >>>> to https? Not sure whats going on as it looks like the post call is >>>> sending out what I think it should - but somehow the receiving server is >>>> not happy and is redirecting to “/“? >>>>> >>>>> Not really sure how to debug that - guess I might have to learn how to >>>> use wireshark. >>>>> >>>>> Tim >>>>> >>>>> On 25 Jun 2014, at 08:55, Tim Mackinnon <[hidden email]> wrote: >>>>> >>>>>> Hi Paul - thanks for your suggestions, #resetEntity doesn't seem to >>>> clear the parameters or have any effect (which I think makes sense given >>>> the name?). >>>>>> >>>>>> The get portion and decoding parameters is all working perfectly, >>>> it's the post that has me confused. >>>>>> >>>>>> If I inspect the request - it seems to be issuing to "/" - so it's >>>> like the URL: is not being honoured (and the response I get back is the >>>> contents of the / webpage). >>>>>> >>>>>> I think I'm confused about the interaction of URL:, and setting >>>> request and form params. From the docs, it wasn't obvious to me that >>>> ordering is important - but it seems that it is (I was expecting #post >>>> or #get to assemble everything when invoked - but I'm not sure it works >>>> like that). >>>>>> >>>>>> I guess I will have to debug through the code. >>>>>> >>>>>> Tim >>>>>> >>>>>> Sent from my iPhone >>>>>> >>>>>> On 25 Jun 2014, at 05:12, "Paul DeBruicker [via Smalltalk]" <[hidden >>>> email]> wrote: >>>>>> >>>>>>> Do your query parameters from the initial GET get cleared from the >>>> request before the POST? If you're not sure send the client >>>> #resetEntity. >>>>>>> >>>>>>> >>>>>>> Is the response of the GET correct & are the keys decoded properly? >>>> if not can you get a valid signature and request key from somewhere else >>>> (e.g. web ui, or ....) to test the POST? >>>>>>> >>>>>>> >>>>>>> Is it important to reuse the connection? IF not add the #beOneShot >>>> method to both and see if that helps as it does some resetting. >>>>>>> >>>>>>> The #post method is a convenience method that conjoins a send to >>>> #method: and #execute. You could separate them and use #method: at the >>>> top and #execute; before the #request line but I'd be surprised to learn >>>> that fixed things. >>>>>>> >>>>>>> >>>>>>> Good luck >>>>>>> >>>>>>> Paul >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Tim Mackinnon wrote >>>>>>> Hi I'm a bit confused about how to send a get request to a resource >>>> and then post a response to it? I seem to fail on the post part, as it >>>> seems that my query is not being well formeed - or something is not >>>> being cleared when I reuse the connection I used in the get. My code >>>> looks as follows (and I'm sure there is a simple mistake). >>>>>>> >>>>>>> It seems that in my post request, it doesn't formulate the post I >>>> expect - it shows a GET / msg, and as such my response doesn't give me >>>> the token I expect. If I move the "post" line up to the start, I seem >>>> to get a request header I expect, but still not the the result I expect. >>>> Can anyone offer any tips? Do I need to clear my Client in some way >>>> before the second post operation? >>>>>>> >>>>>>> Tim >>>>>>> >>>>>>> | znc resp | >>>>>>> >>>>>>> (znc := ZnClient new) logToTranscript. >>>>>>> >>>>>>> resp := znc >>>>>>> url: 'https://trello.com/1/authorize'; >>>>>>> queryAt: 'scope' put: 'read'; >>>>>>> queryAt: 'expiration' put: '1day'; >>>>>>> queryAt: 'name' put: 'Pharo App'; >>>>>>> "queryAt: 'response_type' put: 'token';" >>>>>>> queryAt: 'key' put: 'xxxxxx1d588819825d57da6dad4dd'; >>>>>>> get; >>>>>>> request; >>>>>>> response. >>>>>>> >>>>>>> soup := (Soup fromString: resp entity). >>>>>>> sig := soup findTag: [ :e | (e name = 'input') and: [ (e >>>> attributeAt: 'name' ifAbsent: ['']) = 'signature' ]]. >>>>>>> key := soup findTag: [ :e | (e name = 'input') and: [ (e >>>> attributeAt: 'name' ifAbsent: ['']) = 'requestKey' ]]. >>>>>>> >>>>>>> resp := znc >>>>>>> url: 'https://trello.com/1/token/approve'; >>>>>>> formAt: 'approve' put: 'Allow'; >>>>>>> formAt: 'requestKey' put: (key attributeAt: 'value'); >>>>>>> formAt: 'signature' put: (sig attributeAt: 'value'); >>>>>>> post; >>>>>>> request; >>>>>>> response. >>>>>>> >>>>>>> >>>>>>> If you reply to this email, your message will be added to the >>>> discussion below: >>>>>>> http://forum.world.st/ZnClient-get-then-post-tp4764605p4764608.html >>>>>>> To unsubscribe from ZnClient get then post?, click here. >>>>>>> NAML >>>>> >>>>> >>>>> If you reply to this email, your message will be added to the >>>> discussion below: >>>>> http://forum.world.st/ZnClient-get-then-post-tp4764605p4764717.html >>>>> To unsubscribe from ZnClient get then post?, click here. >>>>> NAML >>>> >>>> >>>> If you reply to this email, your message will be added to the discussion >>>> below: >>>> http://forum.world.st/ZnClient-get-then-post-tp4764605p4764722.html >>>> To unsubscribe from ZnClient get then post?, click here. >>>> NAML >>> > > > > > > -- > View this message in context: > http://forum.world.st/ZnClient-get-then-post-tp4764605p4764779.html > Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
