Hi Ian
On 03/02/14 14:34, icoleman wrote:
Hi Sergey,
Interesting... In that case, perhaps the issue is
OAuthClientUtils.createAuthorizationHeader(consumer, token, httpMethod,
uri)... That method generates the signature based on a URI which includes
the query parameters... As an initial workaround I was stripping the query
params from the URI for the purpose of signature generation. I did this via
a PhaseInterceptor as follows:
    import java.util.Arrays;
    import java.util.List;
    import java.util.Map;

    import org.apache.cxf.interceptor.Fault;
    import org.apache.cxf.message.Message;
    import org.apache.cxf.phase.AbstractPhaseInterceptor;
    import org.apache.cxf.phase.Phase;
    import org.apache.cxf.rs.security.oauth.client.OAuthClientUtils;

    // KioskOAuthCredentials is the poster's own credentials holder (not shown).
    public class OAuthHeaderInterceptor extends AbstractPhaseInterceptor<Message>
    {
        private final KioskOAuthCredentials credentials;

        public OAuthHeaderInterceptor(final KioskOAuthCredentials credentials)
        {
            super(Phase.POST_LOGICAL);
            this.credentials = credentials;
        }

        @Override
        @SuppressWarnings("unchecked")
        public void handleMessage(Message message) throws Fault
        {
            String uri = (String)message.get(Message.ENDPOINT_ADDRESS);
            // Strip any query params for authentication purposes--otherwise remote auth fails...
            if (uri.contains("?"))
                uri = uri.substring(0, uri.indexOf("?"));
            String httpMethod = (String)message.get(Message.HTTP_REQUEST_METHOD);

            // Consumer and token credentials used to sign the request
            OAuthClientUtils.Consumer consumer = new OAuthClientUtils.Consumer(
                credentials.getConsumerKey(), credentials.getConsumerSecret());
            OAuthClientUtils.Token token = new OAuthClientUtils.Token(
                credentials.getTokenKey(), credentials.getTokenSecret());
            String authHeader =
                OAuthClientUtils.createAuthorizationHeader(consumer, token, httpMethod, uri);

            // Attach the OAuth 1.0 Authorization header to the outgoing request
            Map<String, List<String>> headerMap =
                (Map<String, List<String>>)message.get(Message.PROTOCOL_HEADERS);
            headerMap.put("Authorization", Arrays.asList(authHeader));
        }
    }
That seemed to work as well, but I was worried about non-standard behavior.
Either way it seems like OAuthClientUtils.createAuthorizationHeader may
need tweaking since the current behavior is to include the query param
substring.
Why do you think it does? I can see it delegates to the OAuth 1.0 core
library, which actually strips a query component, if any, from the base URL
and adds that query as parameters.
Cheers, Sergey
Best,
Ian
On Mon, Feb 3, 2014 at 8:33 AM, Sergey Beryozkin [via CXF] wrote:
Hi
I'm just looking at the code and I'm wondering if the client you are
referring to in the original email calculates the signature correctly or
not. Is it RESTConsole?
Basically, the signature string should have the parameters (including
the URI query parameters) separated from the base URI.
This page shows it quite well:
https://dev.twitter.com/docs/auth/creating-signature
I'm coming to the conclusion the problem is with the 3rd party client code.
Thanks, Sergey
On 31/01/14 18:50, icoleman wrote:
Hi Sergey,
Thanks for taking the time to respond.
I was able to capture the raw headers as they passed through Fiddler (a
debugging proxy) and the successful authorization request looks like:
While the unsuccessful one generated by REST Console:
I did try to update the content type and accept headers for the failed
request to read...
...but that didn't seem to make any difference either.
--
View this message in context:
http://cxf.547215.n5.nabble.com/OAuth-1-0-And-Signature-With-Query-Params-tp5739357p5739361.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
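
The signature base string construction discussed in this thread (query parameters removed from the base URI and signed as parameters), as an added example that is not part of the original messages and is not CXF's code. The class name, URL, keys and secrets are constructed for illustration; Java 11 or later is assumed.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class OAuth1BaseStringDemo {
    // OAuth 1.0 percent-encoding (RFC 5849 section 3.6) built on URLEncoder.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    // Query text arrives form-encoded: decode it, then re-encode the OAuth way.
    static String recode(String s) { return enc(URLDecoder.decode(s, StandardCharsets.UTF_8)); }
    // METHOD & enc(URI without query) & enc(sorted query + oauth_* parameters)
    static String baseString(String method, String url, Map<String, String> oauth) {
        URI u = URI.create(url);
        List<String[]> params = new ArrayList<>();
        for (String kv : Objects.toString(u.getRawQuery(), "").split("&")) {
            String[] p = kv.split("=", 2);
            if (!kv.isEmpty()) params.add(new String[] {recode(p[0]), p.length > 1 ? recode(p[1]) : ""});
        }
        oauth.forEach((k, v) -> params.add(new String[] {enc(k), enc(v)}));
        // Sort by encoded name, then by encoded value.
        params.sort((a, b) -> a[0].equals(b[0]) ? a[1].compareTo(b[1]) : a[0].compareTo(b[0]));
        StringJoiner joined = new StringJoiner("&");
        params.forEach(p -> joined.add(p[0] + "=" + p[1]));
        // Base URI: lower-cased scheme and authority, no query (default-port removal omitted).
        String base = u.getScheme().toLowerCase(Locale.ROOT) + "://"
                + u.getRawAuthority().toLowerCase(Locale.ROOT) + u.getRawPath();
        return method.toUpperCase(Locale.ROOT) + "&" + enc(base) + "&" + enc(joined.toString());
    }
    // HMAC-SHA1 keyed with enc(consumer secret) & enc(token secret)
    static String sign(String base, String consumerSecret, String tokenSecret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec((enc(consumerSecret) + "&" + enc(tokenSecret)).getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the thread.
        Map<String, String> oauth = Map.of("oauth_consumer_key", "ck-example", "oauth_token", "tk-example",
                "oauth_signature_method", "HMAC-SHA1", "oauth_timestamp", "1391437980",
                "oauth_nonce", "n0nce-example", "oauth_version", "1.0");
        String url = "https://api.example.com/kiosks?status=active&page=2";
        String full = baseString("GET", url, oauth);                                     // query signed as parameters
        String stripped = baseString("GET", url.substring(0, url.indexOf('?')), oauth);  // query dropped before signing
        System.out.println(full + "\n" + stripped);
        System.out.println(sign(full, "cs-example", "ts-example") + " vs " + sign(stripped, "cs-example", "ts-example"));
    }
}
```

The two base strings share the same encoded base URI and differ only in the parameter section, so the two signatures differ.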