OAuth 1.0 Direct Access

Hi guys,

Is there a simple way to implement OAuth version 1 via direct access rather than user tokens?
The oauth plugin from ServoyForge is not useful here, this is not for twitter or other apps that it supports.

I don’t know much about OAuth but the example request below (offered by the OAuth provider) looks fairly simple and is not using any tokens, so I tried to put up a http request with the help of the http plugin. However, I keep getting a ‘Invalid signature’ (code 401) or ‘Internal Server Error’ (code 200) in the response.

Could someone, please, criticize what I’m doing?

According to the OAuth provider example of using their API, the request should contain the following data:

OAuth Details:
Consumer Key: some-consumer-key
Consumer Secret: very-long-abrakadabra
Signature Method: HMAC-SHA1
Access Type: 2-legged
Host/ Subnet: 0.0.0.0/0

The request itself would be similar to this (again, this is from the API provider instructions):

> POST /api/ HTTP/1.1
Host: some.host.com
Authorization: OAuth,oauth_version="1.0",oauth_nonce="VNXp1srdSxb",oauth_timestamp="1436699816",oauth_consumer_key="some-consumer-key",oauth_signature_method="HMAC-SHA1",oauth_signature="signature-as-abrakadabra"
Content-Type: application/json
Accept: application/json
Content-Length: 45

{"id":0,"method":"InvoiceSearch","params":[]}

My code looks like this:

        var httpClient = plugins.http.createNewHttpClient();
	var url = "https://some.host.com/api/?format=json"; //this is the main access point as specified by the OAuth provider: https://some.host.com/api/?format=(soap|json|xml)
	var request = httpClient.createPostRequest(url);
	request.addHeader('Authorisation', 'OAuth')

	var consumer_secret_key = 'very-long-abrakadabra';
	
	request.addParameter('oauth_version', '1.0');
	request.addParameter('oauth_nonce', 'VNXp1srdSxb');
	request.addParameter('oauth_timestamp', '1436699816');
	request.addParameter('oauth_consumer_key', 'some-consumer-key');
	request.addParameter('oauth_signature_method', 'HMAC-SHA1');
	request.addParameter('oauth_signature', 'pie90pC%2FaTOiSdAB81JQZ8l2rNI%3D');

        request.addParameter('id', '0');
	request.addParameter('method', 'CompanySearch');
	request.addParameter('params', '%5B%5D'); //I tried to pass the square brackets raw '[]' or encoded '%5B%5D' which did not seem to affect anything

My signature was generated here, I made sure I’m using the same nonce and timestamp both in my code and in that form. I haven’t bothered with my own implementation yet.

Well, the above code hasn’t worked and I’m wondering if it’s as simple as I imagine.
Appreciate any advice and help.

Pretty please?

Hi Maria,

I’m no expert at this but I think given the example your code should look something like this:

  var httpClient = plugins.http.createNewHttpClient();
   var url = "https://some.host.com/api/?format=json"; //this is the main access point as specified by the OAuth provider: https://some.host.com/api/?format=(soap|json|xml)
   var request = httpClient.createPostRequest(url);
   request.addHeader('Authorisation', 'OAuth,oauth_version="1.0",oauth_nonce="VNXp1srdSxb",oauth_timestamp="1436699816",oauth_consumer_key="some-consumer-key",oauth_signature_method="HMAC-SHA1",oauth_signature="signature-as-abrakadabra"');
   request.addHeader('Content-Type','application/json');
   request.addHeader('Accept','application/json');

  request.addParameter(null, '{"id":0,"method":"InvoiceSearch","params":[]}');

Hope this helps

j.boonstra:
Hi Maria,

I’m no expert at this but I think given the example your code should look something like this:

  var httpClient = plugins.http.createNewHttpClient();

var url = “https://some.host.com/api/?format=json”; //this is the main access point as specified by the OAuth provider: https://some.host.com/api/?format=(soap|json|xml)
var request = httpClient.createPostRequest(url);
request.addHeader(‘Authorisation’, ‘OAuth,oauth_version=“1.0”,oauth_nonce=“VNXp1srdSxb”,oauth_timestamp=“1436699816”,oauth_consumer_key=“some-consumer-key”,oauth_signature_method=“HMAC-SHA1”,oauth_signature=“signature-as-abrakadabra”’);
request.addHeader(‘Content-Type’,‘application/json’);
request.addHeader(‘Accept’,‘application/json’);

request.addParameter(null, ‘{“id”:0,“method”:“InvoiceSearch”,“params”:}’);

Hope this helps

Nah, mate, that didn’t work. But thanks for sharing your opinion.

Anyone else?

Recommend using Postman: https://www.getpostman.com/ to test with initially. Once you get it working, convert over to Servoy. This process surfaces small errors easier than just using Servoy.

A second advantage is that we have run into at least one situation where it was Servoy’s fault. Not sure what library the http plugin is wrapping but it was just not up to the task of an API we were trying to access. Had to run everything through curl instead.

david:
Recommend using Postman: https://www.getpostman.com/ to test with initially. Once you get it working, convert over to Servoy. This process surfaces small errors easier than just using Servoy.

A second advantage is that we have run into at least one situation where it was Servoy’s fault. Not sure what library the http plugin is wrapping but it was just not up to the task of an API we were trying to access. Had to run everything through curl instead.

Thanks David.
Tried Postman, my request works and returns data.
Still can’t get Servoy http plugin to do the job. Can any Servoyans throw in suggestions please?

David, what did you mean by running everything through curl?

maria.kyselova:
David, what did you mean by running everything through curl?

cURL, command line program. Use with executeProgram (or whatever it’s called now). Example: viewtopic.php?f=22&t=18785&p=101514&#p101514

You can copy the cURL code from Postman:

[attachment=1]Screen Shot 2015-07-17 at 12.28.42 AM.png[/attachment]

[attachment=0]Screen Shot 2015-07-17 at 12.28.56 AM.png[/attachment]

Screen Shot 2015-07-17 at 12.28.56 AM.png605×532 39.5 KB

Screen Shot 2015-07-17 at 12.28.42 AM.png195×202 4.63 KB