OAuth access programmatically to Doors/DWA
Hi, I am trying to invoke an OSLC service from Doors but I need OAuth dance before.
I get the Token successfully from: /dwa/oauth-request-token and I get an authorization URL from /dwa/oauth-authorize-token but the problem is that the URL I get: /dwa/oauth?oauth_token=a4b085f4-c969-4d22-b888-7623f3fb28d4&oauth_verifier=RdwnBo (where the token and the verifier will change) doesn't exist. I always get an HTTP 404.

Is it a wrong URL sent by DWA? Which one is correct?

I am using Doors Web Access 1.5.0.0 (Build 214).

Any help or comment?

Thanks a lot,
Chemi.
6 answers
When do you get 404?
Your initial token seems to be authorized successfully since you get the verifier in the URL.
You need to use the oauth_verifier along with the initial token and token_secret and send the request to oauth_access_token URI - /dwa/oauth-access-token, to get the access token and token_secret.
Hope that helps..
Thanks,
Sudarshan
Thanks for your comment Sudarshan.
I thought I should use that URL for the next step.... so I moved then to /dwa/oauth-access-token and I was able to progress I think. But now, at the end, when I invoke the final service I got:

    HTTP Status 401 - Invalid signature for signature method HMAC-SHA1

Let me explain what I am trying to do and how I am doing it so perhaps you can help me further.

My objective is to invoke a service from Doors/DWA from a Java Client. And for that I need OAuth stuff to be solved first. To develop such Java Client, I am using Apache HTTP Client and OAuth Google Code.

The steps I follow are:

1.- Login into DWA to authenticate and get the JSESSIONID Cookie.
2.- Request an OAuth Token
3.- Authorize the OAuth Token
4.- Get the access Token
5.- Invoke my service.

I get the error in step 5. Here are the details of each step (URL requested and HTTP Headers from the response). All of them are part of a single sequence.

1.- HTTP Authentication with the server. I request a normal page and then send the HTTP Form.

    http://192.168.1.42:8080/dwa/oauth

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    Content-Type: text/html;charset=UTF-8
    Content-Language: en
    Content-Length: 4579
    Vary: Accept-Encoding
    Date: Fri, 23 Nov 2012 19:10:16 GMT

    http://192.168.1.42:8080/dwa/oauth/j_acegi_security_check

    HTTP/1.1 302 Moved Temporarily
    Server: Apache-Coyote/1.1
    Set-Cookie: JSESSIONID=58AA522938F621045424FBDBF1DD1866; Path=/dwa; HttpOnly
    Location: http://192.168.1.42:8080/dwa/oauth
    Content-Length: 0
    Date: Fri, 23 Nov 2012 19:10:16 GMT

2.- Request the OAuth Token

    http://192.168.1.42:8080/dwa/oauth-request-token?oauth_consumer_key=0987654321&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1353697838&oauth_nonce=526399064300345&oauth_version=1.0&oauth_signature=gM3%2FGkgspyzWAdOaBoPtmZAnsNE%3D

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    Content-Type: application/x-www-form-urlencoded
    Transfer-Encoding: chunked
    Date: Fri, 23 Nov 2012 19:10:16 GMT

3.- Authorization

    http://192.168.1.42:8080/dwa/oauth-authorize-token?oauth_token=ed357650-5871-4d4a-948a-648f8b2355fe&application_name=DWA&oauth_consumer_key=0987654321&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1353697838&oauth_nonce=526399246702730&oauth_version=1.0&oauth_signature=FjTNqwYmAcM%2BMMhPvQyn4m8fy7I%3D

    HTTP/1.1 302 Moved Temporarily
    Server: Apache-Coyote/1.1
    Location: http://192.168.1.42:8080/dwa/oauth?oauth_token=ed357650-5871-4d4a-948a-648f8b2355fe&oauth_verifier=RtOfDM
    Content-Length: 0
    Date: Fri, 23 Nov 2012 19:10:16 GMT

4.- Access Token

    http://192.168.1.42:8080/dwa/oauth-access-token?oauth_token=ed357650-5871-4d4a-948a-648f8b2355fe&oauth_verifier=RtOfDM&oauth_consumer_key=0987654321&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1353697838&oauth_nonce=526399281811730&oauth_version=1.0&oauth_signature=CogE%2BXFqRW%2BwjPU4JoxNRp05sR8%3D

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    Content-Type: text/plain;charset=utf-8
    Transfer-Encoding: chunked
    Vary: Accept-Encoding
    Date: Fri, 23 Nov 2012 19:10:16 GMT

5.- Access to the final service

    http://127.0.0.1:80/dwa/rm/dxl/helloWorld?oauth_token_secret=DKWmQip2q4ZGTYIXmJHbg0KBFWR6krhOx4W6A3qQSy6YZ4LVxiex8wJB36rJQtqBd2PM5OUWFLPSvHRycNK1omaaH7VBSzfh5XdBspg%2Bsus%3D&oauth_token=e40cc406-a5bc-4358-ba3f-63891ee78cdd&oauth_consumer_key=0987654321&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1353697838&oauth_nonce=526399319412691&oauth_version=1.0&oauth_signature=IcFAVuttEKIiwR1kSfrdxO6Zo9Q%3D

    HTTP/1.1 401 Unauthorized
    Server: Apache-Coyote/1.1
    Set-Cookie: JSESSIONID=6671A97CB14F1D865078336BC581DB8B; Path=/dwa; HttpOnly
    WWW-Authenticate: OAuth realm="DWA"
    Content-Type: text/html;charset=utf-8
    Content-Length: 1032
    Date: Fri, 23 Nov 2012 19:10:16 GMT

And the error in the body is:

    This request requires HTTP authentication (Invalid signature for signature method HMAC-SHA1).

Any idea or help?

Writing the post I have noticed in this last step, the server assigns a new JSESSIONID.... could it be the problem? Although the path is the same /dwa

Thanks in advance,
Chemi.
Hummm.... after writing the post I noticed that the last URL I used had a different IP than the others (I was using a TCP/IP Monitor to understand what was traveling through the net). And perhaps that was the reason a new, not authenticated Cookie was issued.

After I changed the IP and port to the same ones as the others, it seems I receive HTTP 200. Now I have to verify if the service invoked really is working or not. I will post again in case it worked fine....

Regards,
Chemi.
Right, once I added these two headers to the final HTTP Request:

    Accept: application/rdf+xml
    Content-Type: application/rdf+xml

I get following answer:

    <?xml version="1.0"?>

So this means I am successfully getting into the Doors/DWA Service using OAuth. Or I think that is the case.

Now, the issue is I need to send an XML file as body content in the request, and I have to use POST for that. But if I use POST, then I get HTTP 401 again. Here is the request:

    http://192.168.1.42:8080/dwa/rm/dxl/helloWorld?oauth_token_secret=lb%2BV7u8yfMEJFN3nSeosObZ%2FlFMvh44pYNkee7U7M9Wz6ev84u5Cmww9KXopewUELT1fwnILrd4mupi7%2FfUurLr98Qd%2BYT9k8fcx7AGeegY%3D&oauth_token=bf87b673-745f-4b94-b7ff-b1da722977b8&oauth_consumer_key=0987654321&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1353757948&oauth_nonce=586672573081445&oauth_version=1.0&oauth_signature=GpOID%2FuiqRi4wLSkUESvcgJ75%2F4%3D

    <?xml version="1.0" encoding="UTF-8"?>
    <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
             xmlns:doors="http://jazz.net/doors/xmlns/prod/jazz/doors/2.0/">
      <doors:Arguments>
        <doors:arguments >English</doors:arguments>
      </doors:Arguments>
    </rdf:RDF>

And here is the response:

    HTTP/1.1 401 Unauthorized
    Server: Apache-Coyote/1.1
    WWW-Authenticate: OAuth realm="DWA"
    Content-Type: text/html;charset=utf-8
    Content-Length: 1032
    Date: Sat, 24 Nov 2012 11:52:23 GMT

    HTTP Status 401 - Invalid signature for signature method HMAC-SHA1

So, question is... should I send anything else in the headers when using POST to get into OAuth protected services? Using GET instead of POST seems to work....

Thanks in advance,
Chemi.
Got it! It was an issue using OAuth Google classes...
BTW, only GET and PUT were accepted. Once POST worked fine I got an error because just GET and PUT were accepted. Once I used PUT I got the expected answer from the Doors/DWA service.... Now it is time to clean the code... :-)

Best regards,
Chemi.
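
Added example, not part of the thread and not DWA or OAuth Google code: in OAuth 1.0 (RFC 5849) the HTTP method and the scheme, host and port are part of the HMAC-SHA1 signature base string, so a signature computed for one method or host does not verify when the request goes out with another, and the server answers 401 "Invalid signature". The consumer and token secrets only form the HMAC key and are not request parameters. Host name, keys and secrets below are constructed sample values.

```python
import base64, hashlib, hmac
from urllib.parse import quote, urlsplit, parse_qsl

def enc(s):
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(str(s), safe="-._~")

def base_string(method, url, oauth_params):
    """Signature base string: METHOD & base URI & sorted, encoded parameters."""
    u = urlsplit(url)
    scheme, host = u.scheme.lower(), u.hostname.lower()
    default = {"http": 80, "https": 443}[scheme]
    netloc = host if u.port in (None, default) else f"{host}:{u.port}"
    base_uri = f"{scheme}://{netloc}{u.path or '/'}"
    # Query parameters are signed together with the oauth_* ones; oauth_signature is not.
    pairs = parse_qsl(u.query, keep_blank_values=True) + list(oauth_params.items())
    pairs = sorted((enc(k), enc(v)) for k, v in pairs if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(base_uri), enc(normalized)])

def sign(method, url, oauth_params, consumer_secret, token_secret=""):
    """HMAC-SHA1 signature; the two secrets form the key and are never sent."""
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, oauth_params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, oauth_params, consumer_secret, token_secret):
    """Server-side check: recompute from the request as received, constant-time compare."""
    expected = sign(method, url, oauth_params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, oauth_params.get("oauth_signature", ""))

# Constructed sample values (assumptions for illustration, not taken from the thread).
PARAMS = {
    "oauth_consumer_key": "example-consumer", "oauth_token": "example-token",
    "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1700000000",
    "oauth_nonce": "n0nce", "oauth_version": "1.0",
}
URL = "http://dwa.example.test:8080/dwa/rm/dxl/helloWorld"
SECRETS = ("consumer-secret", "token-secret")

def demo():
    """Sign for GET, then verify the same parameters under changed method and host."""
    signed = dict(PARAMS, oauth_signature=sign("GET", URL, PARAMS, *SECRETS))
    other = URL.replace("dwa.example.test:8080", "127.0.0.1")
    return {
        "same request": verify("GET", URL, signed, *SECRETS),
        "sent as PUT": verify("PUT", URL, signed, *SECRETS),
        "other host": verify("GET", other, signed, *SECRETS),
    }

if __name__ == "__main__":
    print(demo())
```
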
Hello Chemi, where did you get all this information? I know this is ages ago but I'm hoping you remember. I'm trying to get access to the Doors NG API to use OSLC services and I've run across this OAuth stumbling block. I've got the oauth_token but I'm failing on authorizing with an error message of "invalid_expired_token". I'm trying to do this all on soapUI so I can reproduce it later in middleware.