It's all about the answers!

Ask a question

Problem authorizing requests in JIRA OSLC Adapter through OAuth

Jaroslav Klimes (122) | asked Sep 28 '12, 8:13 a.m.
When I authorize a REST request on the OSLC Adapter for JIRA using all necessary OAuth credentials, I get the following answer from the server:

The remote server returned an error: (401) Unauthorized.
Header: Server: Apache-Coyote/1.1
WWW-Authenticate: OAuth realm="http%3A%2F%2Flocalhost%3A8080",OAuth realm="http%3A%2F%2Flocalhost%3A8080", oauth_problem="token_rejected"
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

The OAuth token has been successfully authenticated before though - could the problem lie in the OAuth realm?

2 answers

permanent link
Steve Pitschke (311) | answered Oct 25 '12, 10:13 a.m.
It looks like your access is using OAuth 1.0.  OAuth 2.0 doesn't support (or at least strongly suggests against) passing access token information via the URL query parameters, which it looks like you have done in your example.  The JIRA OSLC plugin doesn't support query parameter passing of the oauth paramters.

permanent link
William Jones (211) | answered Sep 28 '12, 10:03 a.m.
Can you list the steps you used when making the REST request?   What REST client are you using and how did you do the OAuth authentication?

Jaroslav Klimes commented Oct 03 '12, 7:27 a.m.

Hi, I have developed the client myself, it is written in C# and bases on the OAuthBase library. The authentication steps are performed as follows:

1. Obtaining the request token at - runs OK, returns a token and a token secret.
2. Authorizing the request token at using the browser - after entering the credentials a page appears with "You have successfully authorized oauth_consumer_name"
3. Exchange of request token for the access token at - also runs without a problem, returns the access token and a token secret that is the same as for the request token
4. Using the access token to access resources, eg. at http://localhost:8080/rest/oslc/latest/changerequests/SANDBOX-1 is the problematic part where the error message "token rejected" is returned. I am using POST to send the OAuth parameters to the server.

Jaroslav Klimes commented Oct 03 '12, 7:32 a.m.

An example of the request that accesses protected resources:
POST http://localhost:8080/rest/oslc/latest/changerequests/SANDBOX-1 oauth_consumer_key=70f8de64a18400d2712956db97bd7277&oauth_nonce=6376433&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1349255669&oauth_token=331554bdbad10ec1621596421d880f67&oauth_version=1.0&oauth_signature=LfKJ68lFkf7Aw7w0vJVPSnDXTkk=

Jaroslav Klimes commented Oct 10 '12, 4:35 a.m.

Just a remark: The "" and "localhost" refer to the same computer in this case, I have made sure the difference here does not cause the above described issue. Sorry for the confusion.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.