Hi,
I'm trying to retrieve a Request Token from http://www.ohloh.net/oauth/request_token but I'm receiving 401 (Unauthorized) response with Invalid OAuth Request in the response body.
I have registered for an API key, I've used the same code against the OAuth echo test server at http://term.ie/oauth/example/ and I've gone through the interactive OAuth walkthrough at http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html (to verify that my signature is correct). All that looks good to me, but Ohloh server seems pickier.
Below is a log of one such attempt. Lines starting with < are the request and lines starting with > are the response:
< POST /oauth/request_token HTTP/1.1
< Host: www.ohloh.net
< Content-Type: application/x-www-form-urlencoded
< Content-Length: 226
<
< oauth_consumer_key=DRmXUUuyVPmyEb1Qjx5Fg&oauth_nonce=hZdNCvZKcokJ9UTPk43YEqesBwpwejmZ3h6IHWQ6hJA%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1239916996&oauth_version=1.0&oauth_signature=LRGSz4skty8%2FHKPmN86p7O6R4rA%3D
> 401 Unauthorized
> Server: nginx/0.6.31
> Date: Thu, 16 Apr 2009 21:21:57 GMT
> Content-Type: text/html; charset=utf-8
> Connection: keep-alive
> X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.1.2
> X-Runtime: 0.01503
> Cache-Control: no-cache
> Set-Cookie: _ohlohsession=15d81d5d34140bd38b89b6e6b35d9489; path=/
> Content-Length: 21
> Status: 401 Unauthorized
> Set-Cookie: uid=YlZzz0nnoXUMaDz8AwRaAg==; expires=Fri, 16-Apr-10 21:21:57 GMT; path=/
>
> Invalid OAuth Request
Thanks,
Mikko Värri
Hi Mikko,
I was able to find your requests in our log and do a little debugging. Unfortunately, OAuth is pretty confusing to debug, so it's going to take some work to get to the bottom of this.
Almost certainly this is some kind of problem with the signature base string. I wouldn't be horribly surprised to discover a bug in the OAuth library we are using, but we have had some successful users lately.
Here's an excerpt from our log:
Signature Mismatch
Signature Base String: POST&http%3A%2F%2Fwww.ohloh.net%2Foauth%2Frequest_token&oauth_consumer_key%3DDRmXUUuyVPmyEb1Qjx5Fg%26oauth_nonce%3DhZdNCvZKcokJ9UTPk43YEqesBwpwejmZ3h6IHWQ6hJA%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1239916996%26oauth_version%3D1.0
Expected Signature: OfD5cU+omfAAhject1Z4w5OyoyE=
This shows the signature base string that Ohloh computed based on your POST, and the signature that we expected to accompany it. Two things to check:
If we don't have the same signature base string, and you're pretty sure we're doing it wrong, let me know what you think the SBS should be and I'll take a look.
Thanks,
Robin
The nonce in the SBS seems to be missing the %3D (i.e. the URL encoded =) from the end. I think this is the bug but I'm not sure?
I'm using gcrypt to create the nonce, which I then encode using base64, so the original nonce for above request was hZdNCvZKcokJ9UTPk43YEqesBwpwejmZ3h6IHWQ6hJA=. This goes through OAuth parameter encoding (hence %3D) before it is added to SBS.
I hope this helps.
Hi again, Robin,
Any news on this?
I tried changing my code to remove the = padding from the nonce, and I got a successful response.
So, it seems that either your OAuth library expects nonce to be so simple it doesn't need encoding, or its POST parser gets confused with the encoded =.
-vmj
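An added example, not code from either poster or from Ohloh: it rebuilds the signature base string for the request in this thread under the OAuth 1.0 encoding rules and reports which parameter the logged server-side base string disagrees on. The function names are hypothetical, the parameter names are written with their standard underscores, and the consumer secret is not on the page, so sign() takes whatever placeholder secret the caller supplies.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

def enc(s):
    # OAuth 1.0 parameter encoding: only unreserved characters stay literal
    return quote(s, safe="-._~")

def base_string(method, url, params):
    # Encode each name and value, sort, join, then encode the joined string
    # again. A literal "=" in a value therefore shows up as %253D in the SBS.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(sbs, consumer_secret, token_secret=""):
    # HMAC-SHA1 keyed with "consumer_secret&token_secret", base64 output
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, sbs.encode(), hashlib.sha1).digest()).decode()

def params_in(sbs):
    # Undo the outer encoding of the third SBS component, then each pair's own
    normalized = unquote(sbs.split("&", 2)[2])
    pairs = (p.split("=", 1) for p in normalized.split("&"))
    return {unquote(k): unquote(v) for k, v in pairs}

def diff_params(client_params, server_sbs):
    # Parameters whose value as sent differs from what the server signed over
    seen = params_in(server_sbs)
    return {k: (v, seen.get(k)) for k, v in client_params.items() if seen.get(k) != v}

# Request values from this thread (oauth_signature itself is never part of the SBS)
URL = "http://www.ohloh.net/oauth/request_token"
CLIENT = {
    "oauth_consumer_key": "DRmXUUuyVPmyEb1Qjx5Fg",
    "oauth_nonce": "hZdNCvZKcokJ9UTPk43YEqesBwpwejmZ3h6IHWQ6hJA=",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1239916996",
    "oauth_version": "1.0",
}
# Signature base string from the server log excerpt in this thread
SERVER_SBS = (
    "POST&http%3A%2F%2Fwww.ohloh.net%2Foauth%2Frequest_token&"
    "oauth_consumer_key%3DDRmXUUuyVPmyEb1Qjx5Fg%26oauth_nonce%3D"
    "hZdNCvZKcokJ9UTPk43YEqesBwpwejmZ3h6IHWQ6hJA%26oauth_signature_method"
    "%3DHMAC-SHA1%26oauth_timestamp%3D1239916996%26oauth_version%3D1.0"
)

if __name__ == "__main__":
    print(diff_params(CLIENT, SERVER_SBS))
```

Run against the values above, the only parameter reported is oauth_nonce: the client signed over the padded value, while the logged base string carries it without the trailing =.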