It's all about the answers!

Ask a question

Jazz secured request ignores OAuth Authorization header

Tom Tom2 (113) | asked Jun 07 '17, 1:33 a.m.

 I sing up with my application to using OAuth 1.0a authorization method.

Then when I try to send request to 
with "Authorization: OAuth ..." header with all OAuth standart parameters,
Authorization: OAuth&nbsp; </div> <div> realm=&quot;http://SERVERNAME/rm&quot;, </div> <div> oauth_consumer_key=&quot;49cfd21d97cf4808b730f072c902cef7&quot;, </div> <div> oauth_signature_method=&quot;HMAC-SHA1&quot;, </div> <div> oauth_signature=&quot;HjgQTj8a%2BK4VrqmaU3yiFa4rQgQ%3D&quot;, </div> <div> oauth_timestamp=&quot;1378405866&quot;, </div> <div> oauth_nonce=&quot;e91dd2cca23f429e6e45a049bb856817&quot;, </div> <div> oauth_token=&quot;1d45c97961754fa4b4813fd9e756c5e9&quot;, </div> <div> oauth_version=&quot;1.0&quot;'

 response is 401 Unauthorized.  

But if I send the same OAuth Authorization header parameters as  simple request parameters. I get 200 OK response.

Looks like jazz server somehow ignores header passed Authorization data. Would like to know why? And is there any way to make it work?

One answer

permanent link
Bas Bekker (1.4k4) | answered Jun 13 '17, 9:24 a.m.
edited Jun 13 '17, 9:25 a.m.

The Jazz based version of form based authentication with OAuth uses it's own set of headers.

Did you look the requests/responses when logging in to an application (with firebug or alike)?
Another option is checking how authentication is done in the OSLC workshop document and code which you find starting here.

Tom Tom2 commented Jun 13 '17, 1:47 p.m.

 No I haven't. 
I wanted to make some kind generic authentication for different oslc providers. 

What headers Jazz uses for oAuth authentication? Is it possible some how send authenticated requests with standard oAuth headers?

Bas Bekker commented Jun 13 '17, 3:51 p.m. | edited Jun 13 '17, 3:52 p.m.

No don't think Jazz support the standard OAuth dance. Once red in a Jazz article that Jazz servers are structured as OAuth Providers, but have their own implementation details. And DNG delegates authentication to JTS and only supports form-based authentication.

Besides the two info resources I mentioned above, hope these two articles will also help you:
- Jazz Server Authentication Explained
- Authentication of a native client with a Jazz-based application

Tom Tom2 commented Jun 14 '17, 12:06 a.m. | edited Jun 14 '17, 12:06 a.m.

 Thank you for explanation

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.