Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Jazz secured request ignores OAuth Authorization header

I sign up with my application to https://jazz2.mycompany.com:9443 using the OAuth 1.0a authorization method.

Then when I try to send a request to 
with an "Authorization: OAuth ..." header with all the standard OAuth parameters,

Authorization: OAuth
    realm="http://SERVERNAME/rm",
    oauth_consumer_key="49cfd21d97cf4808b730f072c902cef7",
    oauth_signature_method="HMAC-SHA1",
    oauth_signature="HjgQTj8a%2BK4VrqmaU3yiFa4rQgQ%3D",
    oauth_timestamp="1378405866",
    oauth_nonce="e91dd2cca23f429e6e45a049bb856817",
    oauth_token="1d45c97961754fa4b4813fd9e756c5e9",
    oauth_version="1.0"

the response is 401 Unauthorized.

But if I send the same OAuth Authorization header parameters as simple request parameters, I get a 200 OK response.

Looks like the Jazz server somehow ignores Authorization data passed in the header. I would like to know why. And is there any way to make it work?

0 votes



One answer

The Jazz-based version of form-based authentication with OAuth uses its own set of headers.

Did you look at the requests/responses when logging in to an application (with Firebug or the like)?
Another option is checking how authentication is done in the OSLC workshop document and code, which you can find starting here.

0 votes

Comments

No, I haven't.
I wanted to make some kind of generic authentication for different OSLC providers.

What headers does Jazz use for OAuth authentication? Is it possible to somehow send authenticated requests with standard OAuth headers?

No, I don't think Jazz supports the standard OAuth dance. I once read in a Jazz article that Jazz servers are structured as OAuth providers, but have their own implementation details. And DNG delegates authentication to JTS and only supports form-based authentication.

Besides the two info resources I mentioned above, I hope these two articles will also help you:
- Jazz Server Authentication Explained
- Authentication of a native client with a Jazz-based application

Thank you for the explanation.
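
For reference, the two transmission forms compared in the question (RFC 5849 section 3.5: Authorization header versus request parameters), as an added example that is not code from the thread or from Jazz. It signs one parameter set with HMAC-SHA1 and emits it both ways; the host, keys and secrets are constructed placeholders, and the URL is assumed to carry no query string of its own.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values (not from the thread); secrets are placeholders.
URL = "https://jazz.example.test:9443/rm/resource"
REALM = "https://jazz.example.test:9443/rm"
PARAMS = {
    "oauth_consumer_key": "consumer-key-example",
    "oauth_token": "access-token-example",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1497400000",
    "oauth_nonce": "nonce-example-0001",
    "oauth_version": "1.0",
}

def pct(value):
    # RFC 5849 3.6: percent-encode everything except unreserved characters.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # realm is a header-only attribute and is never signed (RFC 5849 3.4.1.3.1).
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k not in ("realm", "oauth_signature"))
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def as_header(params, realm):
    # Header form: realm first, then the signed parameters as quoted pairs.
    fields = [f'realm="{realm}"']
    fields += [f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items())]
    return "OAuth " + ", ".join(fields)

def as_query(url, params):
    # Request-parameter form: the same pairs, without realm.
    return url + "?" + "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))

def build(consumer_secret="consumer-secret-example", token_secret="token-secret-example"):
    sig = sign("GET", URL, PARAMS, consumer_secret, token_secret)
    signed = dict(PARAMS, oauth_signature=sig)
    return as_header(signed, REALM), as_query(URL, signed)
```

Both outputs carry an identical signature, so a server that accepts one form and rejects the other is distinguishing on where the parameters arrive, not on their values.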


Question asked: Jun 07 '17, 1:33 a.m.

Question was seen: 2,779 times

Last updated: Jun 14 '17, 12:06 a.m.
