Jazz secured request ignores OAuth Authorization header
I sing up with my application to https://jazz2.mycompany.com:9443 using OAuth 1.0a authorization method.
Authorization: OAuth
</div>
<div>
realm="http://SERVERNAME/rm",
</div>
<div>
oauth_consumer_key="49cfd21d97cf4808b730f072c902cef7",
</div>
<div>
oauth_signature_method="HMAC-SHA1",
</div>
<div>
oauth_signature="HjgQTj8a%2BK4VrqmaU3yiFa4rQgQ%3D",
</div>
<div>
oauth_timestamp="1378405866",
</div>
<div>
oauth_nonce="e91dd2cca23f429e6e45a049bb856817",
</div>
<div>
oauth_token="1d45c97961754fa4b4813fd9e756c5e9",
</div>
<div>
oauth_version="1.0"'
401 Unauthorized
.
200 OK
response.
jazz
server somehow ignores header passed Authorization data. Would like to know why? And is there any way to make it work?
One answer
The Jazz based version of form based authentication with OAuth uses it's own set of headers.
Did you look the requests/responses when logging in to an application (with firebug or alike)?
Another option is checking how authentication is done in the OSLC workshop document and code which you find starting here.
Comments
No I haven't.
I wanted to make some kind generic authentication for different oslc providers.
No don't think Jazz support the standard OAuth dance. Once red in a Jazz article that Jazz servers are structured as OAuth Providers, but have their own implementation details. And DNG delegates authentication to JTS and only supports form-based authentication.
Besides the two info resources I mentioned above, hope these two articles will also help you:
- Jazz Server Authentication Explained
- Authentication of a native client with a Jazz-based application
Thank you for explanation