Hi Sergey,
Interesting... In that case, perhaps the issue is
OAuthClientUtils.createAuthorizationHeader(consumer, token, httpMethod,
uri)... That method generates the signature based on a URI which includes
the query parameters... As an initial workaround I was stripping the query
params from the URI for the purpose of signature generation. I did this via
a PhaseInterceptor as follows:
import java.util.Arrays;
import java.util.List;
import java.util.Map;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.rs.security.oauth.client.OAuthClientUtils;

public class OAuthHeaderInterceptor extends AbstractPhaseInterceptor<Message>
{
    private final KioskOAuthCredentials credentials;

    public OAuthHeaderInterceptor(final KioskOAuthCredentials credentials)
    {
        super(Phase.POST_LOGICAL);
        this.credentials = credentials;
    }

    @Override
    @SuppressWarnings("unchecked")
    public void handleMessage(Message message) throws Fault
    {
        String uri = (String) message.get(Message.ENDPOINT_ADDRESS);
        // Strip any query params for authentication purposes--otherwise remote auth fails...
        if (uri.contains("?"))
            uri = uri.substring(0, uri.indexOf("?"));
        String httpMethod = (String) message.get(Message.HTTP_REQUEST_METHOD);

        // Consumer and token credentials used to sign the request
        OAuthClientUtils.Consumer consumer =
            new OAuthClientUtils.Consumer(credentials.getConsumerKey(), credentials.getConsumerSecret());
        OAuthClientUtils.Token token =
            new OAuthClientUtils.Token(credentials.getTokenKey(), credentials.getTokenSecret());
        String authHeader =
            OAuthClientUtils.createAuthorizationHeader(consumer, token, httpMethod, uri);

        // Attach the generated OAuth header to the outgoing request
        Map<String, List<String>> headerMap =
            (Map<String, List<String>>) message.get(Message.PROTOCOL_HEADERS);
        headerMap.put("Authorization", Arrays.asList(authHeader));
    }
}
That seemed to work as well, but I was worried about non-standard behavior.
Either way it seems like OAuthClientUtils.createAuthorizationHeader may
need tweaking since the current behavior is to include the query param
substring.
Best,
Ian
On Mon, Feb 3, 2014 at 8:33 AM, Sergey Beryozkin [via CXF] <
[email protected]> wrote:
> Hi
>
> I'm just looking at the code and I'm wondering if the client you are
> referring to in the original email calculates the signature correctly or
> not. Is it RESTConsole ?
>
> Basically, the signature string should have the parameters (including
> the URI query parameters) separated from the base URI.
>
> This page shows it quite well:
>
> https://dev.twitter.com/docs/auth/creating-signature
>
> I'm coming to the conclusion the problem is with the 3rd party client code
>
> Thanks, Sergey
>
>
> On 31/01/14 18:50, icoleman wrote:
>
> > Hi Sergey,
> >
> > Thanks for taking the time to respond.
> >
> > I was able to capture the raw headers as they passed through Fiddler (a
> > debugging proxy) and the successful authorization request looks like:
> >
> >
> >
> > While the unsuccessful one generated by REST Console:
> >
> >
> >
> > I did try to update the content type and accept headers for the failed
> > request to read...
> >
> >
> >
> > ...but that didn't seem to make any difference either.
> >
> >
> >
> > --
> > View this message in context:
> http://cxf.547215.n5.nabble.com/OAuth-1-0-And-Signature-With-Query-Params-tp5739357p5739361.html
>
> > Sent from the cxf-user mailing list archive at Nabble.com.
> >
>
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
> Blog: http://sberyozkin.blogspot.com
>
>
--
View this message in context:
http://cxf.547215.n5.nabble.com/OAuth-1-0-And-Signature-With-Query-Params-tp5739357p5739396.html
Sent from the cxf-user mailing list archive at Nabble.com.
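
Added example (not part of the original thread and not CXF code): a JDK-only sketch of the OAuth 1.0 (RFC 5849) HMAC-SHA1 signature base string, showing the point made in the quoted reply that the query parameters are separated from the base URI but still signed, next to the base string produced when the query is dropped entirely as in the interceptor workaround. The class name, URL, keys, secrets, timestamp and nonce are constructed sample values.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OAuth1BaseStringDemo {
    // RFC 5849 section 3.6 percent-encoding; URLEncoder differs for ' ', '*' and '~'.
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // METHOD & encoded base URI (no query) & encoded, sorted parameter string.
    static String baseString(String method, URI uri, Map<String, String> oauth, boolean signQuery) throws Exception {
        List<String[]> params = new ArrayList<>();
        for (Map.Entry<String, String> e : oauth.entrySet())
            params.add(new String[] { enc(e.getKey()), enc(e.getValue()) });
        if (signQuery && uri.getRawQuery() != null)
            for (String kv : uri.getRawQuery().split("&")) {   // query params join the signed set
                String[] p = kv.split("=", 2);
                String value = p.length > 1 ? URLDecoder.decode(p[1], "UTF-8") : "";
                params.add(new String[] { enc(URLDecoder.decode(p[0], "UTF-8")), enc(value) });
            }
        params.sort(Comparator.comparing((String[] p) -> p[0]).thenComparing(p -> p[1]));
        StringBuilder norm = new StringBuilder();
        for (String[] p : params)
            norm.append(norm.length() > 0 ? "&" : "").append(p[0]).append('=').append(p[1]);
        // Assumption: scheme and host are already lowercase and no default port is present.
        String base = uri.getScheme() + "://" + uri.getRawAuthority() + uri.getRawPath();
        return method.toUpperCase() + "&" + enc(base) + "&" + enc(norm.toString());
    }

    static String sign(String base, String consumerSecret, String tokenSecret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        byte[] key = (enc(consumerSecret) + "&" + enc(tokenSecret)).getBytes(StandardCharsets.UTF_8);
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }
    public static void main(String[] args) throws Exception {
        Map<String, String> oauth = new LinkedHashMap<>();   // constructed sample values
        String[][] sample = { { "oauth_consumer_key", "demo-consumer" }, { "oauth_token", "demo-token" },
            { "oauth_signature_method", "HMAC-SHA1" }, { "oauth_timestamp", "1391440000" }, { "oauth_nonce", "n0nce" } };
        for (String[] kv : sample) oauth.put(kv[0], kv[1]);
        URI uri = URI.create("https://api.example.com/orders?status=open&limit=10");
        String signed = baseString("GET", uri, oauth, true), dropped = baseString("GET", uri, oauth, false);
        System.out.println("query signed : " + signed + "\n  -> " + sign(signed, "cs", "ts"));
        System.out.println("query dropped: " + dropped + "\n  -> " + sign(dropped, "cs", "ts"));
    }
}
```

Both base strings carry the same query-free URI; they differ only in the parameter section, so a signature computed with the query dropped verifies only against a server that also ignores the query string, and the query values are then not covered by the signature.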