Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Problem authorizing requests in JIRA OSLC Adapter through OAuth

Questions
Tags
Users
Badges
Jaroslav Klimes
(122) Sep 28 '12, 8:13 a.m.
When I authorize a REST request on the OSLC Adapter for JIRA using all necessary OAuth credentials, I get the following answer from the server:

The remote server returned an error: (401) Unauthorized.
Header: Server: Apache-Coyote/1.1
WWW-Authenticate: OAuth realm="http%3A%2F%2Flocalhost%3A8080",OAuth realm="http%3A%2F%2Flocalhost%3A8080", oauth_problem="token_rejected"
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

The OAuth token has been successfully authenticated before though - could the problem lie in the OAuth realm?

1

0 votes

2 answers
7,113 views
0 votes

2 answers

Permanent link
William Jones
JAZZ DEVELOPER (211) Sep 28 '12, 10:03 a.m.
Can you list the steps you used when making the REST request?   What REST client are you using and how did you do the OAuth authentication?

0 votes

Comments
Jaroslav Klimes
Oct 03 '12, 7:27 a.m.

Hi, I have developed the client myself, it is written in C# and bases on the OAuthBase library. The authentication steps are performed as follows:

1. Obtaining the request token at http://10.1.2.50:8080/rest/oslc/latest/oauth/request_token - runs OK, returns a token and a token secret.
2. Authorizing the request token at http://10.1.2.50:8080/rest/oslc/latest/oauth/authorize using the browser - after entering the credentials a page appears with "You have successfully authorized oauth_consumer_name"
3. Exchange of request token for the access token at http://10.1.2.50:8080/rest/oslc/latest/oauth/access_token - also runs without a problem, returns the access token and a token secret that is the same as for the request token
4. Using the access token to access resources, eg. at http://localhost:8080/rest/oslc/latest/changerequests/SANDBOX-1 is the problematic part where the error message "token rejected" is returned. I am using POST to send the OAuth parameters to the server.

Jaroslav Klimes
Oct 03 '12, 7:32 a.m.

An example of the request that accesses protected resources:
POST http://localhost:8080/rest/oslc/latest/changerequests/SANDBOX-1 oauth_consumer_key=70f8de64a18400d2712956db97bd7277&oauth_nonce=6376433&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1349255669&oauth_token=331554bdbad10ec1621596421d880f67&oauth_version=1.0&oauth_signature=LfKJ68lFkf7Aw7w0vJVPSnDXTkk=

Jaroslav Klimes
Oct 10 '12, 4:35 a.m.

Just a remark: The "10.1.2.50" and "localhost" refer to the same computer in this case, I have made sure the difference here does not cause the above described issue. Sorry for the confusion.

Permanent link
Steve Pitschke
JAZZ DEVELOPER (311) Oct 25 '12, 10:13 a.m.
It looks like your access is using OAuth 1.0.  OAuth 2.0 doesn't support (or at least strongly suggests against) passing access token information via the URL query parameters, which it looks like you have done in your example.  The JIRA OSLC plugin doesn't support query parameter passing of the oauth paramters.

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 7,503
× 516
× 22

Question asked: Sep 28 '12, 8:13 a.m.

Question was seen: 7,113 times

Last updated: Oct 25 '12, 10:13 a.m.

Related questions
Confirmation Cancel Confirm