It's all about the answers!

Ask a question

How to request an OAuth consumer key from jfs:oauthRequestConsumerKeyUrl?

Thomas Vil (111) | asked Mar 08 '17, 8:54 a.m.


I started developing a custom OSLC adapter in order to connect my applicattion to DNG (6.0.3) as a friend, and therefore trying to understand the logic behind Jazz-specific OAuth properties, in particular jfs:oauthRequestConsumerKeyUrl. Currently i'm investigating this from a REST client. According to "Additional OAuth-related Properties in Root Services Documents" specification ( it should be possible to make an HTTP POST to jfs:oauthRequestConsumerKeyUrl <./oauth-request-consumer> from the rootservices document with:

     "name": "consumer name",    <--- The desired name of the consumer 
     "secretType": "string",
     "secret": "secret",      <--- The desired consumer secret  
     "trusted": "false",      <--- The desired trust setting 
     "userId": "userId-name"   <--- The desired user to be associated with the consumer 
as a request body. However, it doesn't work, as the request returns 403 response with an error message:

Perrmision denied.
Your account does not have the group memberships required to access the requested resource.

What is the correct HTTP call to be made in order for this to work as described in the specification? Or is there something else missing?

3 answers

permanent link
Donald Nong (14.5k414) | answered Mar 08 '17, 9:53 p.m.

The error message says that you need an appropriate repository role (very likely JazzAdmins) to complete the request. Have you verified that you have logged in and got the right role?

Thomas Vil commented Mar 09 '17, 1:28 a.m.

Yes, I'm logged in with a user that has the following roles: JazzAdmins, JazzUsers, JazzProjectAdmins.

permanent link
Thomas Vil (111) | answered Mar 09 '17, 2:01 a.m.

It started working after several browser session restarts and adding "X-Jazz-CSRF-Prevent" headers with JSESSIONID as a value.

permanent link
Lonnie VanZandt (78217) | answered May 22 '17, 8:07 a.m.

I was able to get the following POST to work without the X-Jazz-CSRF-Prevent header:

Request a Provisional ConsumerKey for Patricia, the JazzAdmin

curl -X "POST" "" -H "Content-Type: application/json; charset=utf-8" -d $'{"secret": "PatriciaConsumerSecret", "secretType": "string", "trusted": "false", "name": "PatriciaConsumerName", "userId": "patricia"}'

The server responded:
HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Content-Type: text/json;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Connection: Close
Date: Mon, 22 May 2017 11:55:27 GMT

Lonnie VanZandt commented May 22 '17, 8:08 a.m.'s HTML editor is ... not the best.

Your answer

Register or to post your answer.