OAuth authentication using POST returns "400 bad request"

alexander

Jul 15, 2010, 6:59:13 PM
to Etsy API V2
Could you post a little bit more info about your OAuth implementation.
I am trying to make it work with DotNetOpenAuth and so far no luck.

It appears that your implementation expects all parameters in the URL.
Is that correct? Below is the example that I tried, using parameters
in the POST body, and it looks like your code does not like it...

Please advise.

REQUEST
------------

POST /v2/sandbox/oauth/request_token HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: DotNetOpenAuth/3.4.4.10162
Host: openapi.etsy.com
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 259
Expect: 100-continue

oauth_callback=http%3A%2F%2Flocalhost%3A59721%2FSampleWcf.aspx&oauth_consumer_key=<KEY_REMOVED>&oauth_nonce=kZzIyMT5&oauth_signature_method=HMAC-SHA1&oauth_signature=wvUJWeEhaOZD5GZOGz6qyxii1bI%3D&oauth_version=1.0&oauth_timestamp=1279228614&scope=


RESPONSE
-----------------

HTTP/1.1 400 Bad Request
X-Mashery-Responder: proxyworker-i-4075c629.mashery.com
X-Mashery-Error-Code: ERR_400_MISSING_REQUIRED_CONSUMER_KEY
Content-Type: text/xml
Accept-Ranges: bytes
Content-Length: 42
Date: Thu, 15 Jul 2010 21:12:58 GMT
Server: Mashery Proxy

<h1>400 Missing Required Consumer Key</h1>

GraGra33

Jul 15, 2010, 7:14:33 PM
to Etsy API V2
That library is like using an elephant gun to kill a roach ... I took
one look at it and rolled my own... Let's talk offline privately.

G.

On Jul 16, 8:59 am, alexander <alexander.uslont...@gmail.com> wrote:
> Could you post a little bit more info about your OAuth implementation.
> I am trying to make it work with DotNetOpenAuth and so far no luck.
>
> It appears that your implementation expects all parameters in the URL.
> Is that correct? Below is the example that I tried, using parameters
> in the POST body, and it looks like your code does not like it...
>
> Please advise.
>
> REQUEST
> ------------
>
> POST /v2/sandbox/oauth/request_token HTTP/1.1
> Content-Type: application/x-www-form-urlencoded; charset=utf-8
> User-Agent: DotNetOpenAuth/3.4.4.10162
> Host: openapi.etsy.com
> Cache-Control: no-store,no-cache
> Pragma: no-cache
> Content-Length: 259
> Expect: 100-continue
>
> oauth_callback=http%3A%2F%2Flocalhost%3A59721%2FSampleWcf.aspx&oauth_consumer_key=<KEY_REMOVED>&oauth_nonce=kZzIyMT5&oauth_signature_method=HMAC-

Justin Kerr Sheckler

Jul 16, 2010, 10:30:50 AM
to etsy-...@googlegroups.com
I think that we only support GET params and the Authorization: header
for OAuth, but I'll check with Mashery.

--
Justin Kerr Sheckler
Developer API Lead
Etsy.com
jus...@etsy.com

alexander

Jul 16, 2010, 5:21:22 PM
to Etsy API V2
Thanks all, I finally made it work with DotNetOpenAuth, here is a
WebConsumer configuration for Etsy sandbox

-----
// Request token endpoint: OAuth parameters go in the GET query string or the
// Authorization header, not in the POST body.
MessageReceivingEndpoint requestTokenEndpoint = new MessageReceivingEndpoint(
    new Uri("http://openapi.etsy.com/v2/sandbox/oauth/request_token"),
    HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);

// User authorization (sign-in) endpoint, reached by browser redirect.
MessageReceivingEndpoint userAuthEndpoint = new MessageReceivingEndpoint(
    new Uri("https://www.etsy.com/oauth/signin"),
    HttpDeliveryMethods.GetRequest);

// Access token endpoint: parameters sent as GET.
MessageReceivingEndpoint accessTokenEndpoint = new MessageReceivingEndpoint(
    new Uri("http://openapi.etsy.com/v2/sandbox/oauth/access_token"),
    HttpDeliveryMethods.GetRequest);

// Consumer that signs every message with HMAC-SHA1.
WebConsumer consumer = new WebConsumer(
    new ServiceProviderDescription {
        RequestTokenEndpoint = requestTokenEndpoint,
        UserAuthorizationEndpoint = userAuthEndpoint,
        AccessTokenEndpoint = accessTokenEndpoint,
        TamperProtectionElements = new DotNetOpenAuth.Messaging.ITamperProtectionChannelBindingElement[] {
            new HmacSha1SigningBindingElement(),
        },
    },
    tokenManager);
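
What Justin's reply and the GetRequest | AuthorizationHeaderRequest setting above come down to on the wire, as an added example (not code from this thread, Etsy or DotNetOpenAuth): an OAuth 1.0 HMAC-SHA1 request_token call whose parameters travel in the Authorization header instead of the POST body. The consumer key and secret are constructed placeholders, the nonce and timestamp are the fixed values from the first post (a real client generates fresh ones per request), and the URL is assumed to carry no query string.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OAuth1HeaderExample
{
    // OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    static string Enc(string s)
    {
        const string unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s))
            sb.Append(unreserved.IndexOf((char)b) >= 0 ? ((char)b).ToString() : "%" + b.ToString("X2"));
        return sb.ToString();
    }

    // Builds the Authorization header value for a request_token call.
    // Assumes url has no query string; query parameters would also have to be signed.
    public static string BuildHeader(string method, string url, string consumerKey,
        string consumerSecret, string callback, string nonce, string timestamp)
    {
        var p = new SortedDictionary<string, string>(StringComparer.Ordinal)
        {
            { "oauth_callback", callback },
            { "oauth_consumer_key", consumerKey },
            { "oauth_nonce", nonce },
            { "oauth_signature_method", "HMAC-SHA1" },
            { "oauth_timestamp", timestamp },
            { "oauth_version", "1.0" },
        };
        // Signature base string: METHOD & encoded URL & encoded, sorted parameter string.
        string paramString = string.Join("&", p.Select(kv => Enc(kv.Key) + "=" + Enc(kv.Value)));
        string baseString = method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(paramString);
        // Signing key: consumer secret, "&", token secret (empty before a token is issued).
        using (var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(Enc(consumerSecret) + "&")))
            p["oauth_signature"] = Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
        return "OAuth " + string.Join(", ", p.Select(kv => Enc(kv.Key) + "=\"" + Enc(kv.Value) + "\""));
    }

    static void Main()
    {
        // Constructed sample credentials; nonce and timestamp copied from the first post.
        Console.WriteLine("Authorization: " + BuildHeader("GET",
            "http://openapi.etsy.com/v2/sandbox/oauth/request_token", "EXAMPLE_CONSUMER_KEY",
            "EXAMPLE_CONSUMER_SECRET", "http://localhost:59721/SampleWcf.aspx", "kZzIyMT5", "1279228614"));
    }
}
```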

SL Lee

Jul 12, 2017, 4:50:29 PM
to Etsy API
Hi, stumbled upon this article as I too am trying to exchange my API keys for a set of permanent access tokens so that I can start making authenticated calls to Etsy (C#). But I keep on getting "Unauthorised"...

Would appreciate any help.


Sai.


What I have tried so far

Using @alexander's article as a basis, the code ran and didn't fail. But then what? What do I do with the WebConsumer object?

So, looking at article (https://scatteredcode.wordpress.com/2011/12/01/dotnetopenauth-oauth-and-mvc-for-dummies/ together with https://stackoverflow.com/questions/6907530/c-sharp-asp-net-linkedin-authorization-using-linkedintoolkit-with-dotnetopenauth), I thought I'd figured out what I needed to do next:
...
	Consumer.Channel.Send(Consumer.PrepareRequestUserAuthorization(null, null, null));
	var accessTokenResponse = Consumer.ProcessUserAuthorization();
 
	AccessToken = accessTokenResponse.AccessToken;
	TokenSecret = TokenManager.GetTokenSecret(AccessToken);
...


i.e. make the call to Etsy and process Etsy's response.
...
Consumer.Channel.Send(Consumer.PrepareRequestUserAuthorization(null, null, null));
...


However, with my values for consumer token and secret key, the response is "Unauthorised":


The full code then:

using System;
using System.Collections.Generic;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth;
using DotNetOpenAuth.OAuth.ChannelElements;
using DotNetOpenAuth.OAuth.Messages;
using RestSharp;
using RestSharp.Authenticators;

public class Authorise
{
    #region Supporting class

    // In-memory token store: maps each token to its secret for the lifetime of the object.
    public class ConsumerTokenManager : IConsumerTokenManager
    {
        private Dictionary<string, string> tokensAndSecrets = new Dictionary<string, string>();

        public ConsumerTokenManager(string consumerKey, string consumerKeySecret)
        {
            ConsumerKey = consumerKey;
            ConsumerSecret = consumerKeySecret;
        }

        #region ITokenManager Members

        public string ConsumerKey { get; private set; }

        public string ConsumerSecret { get; private set; }

        public string GetTokenSecret(string token)
        {
            return this.tokensAndSecrets[token];
        }

        public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response)
        {
            this.tokensAndSecrets[response.Token] = response.TokenSecret;
        }

        public void ExpireRequestTokenAndStoreNewAccessToken(string consumerKey, string requestToken, string accessToken, string accessTokenSecret)
        {
            this.tokensAndSecrets.Remove(requestToken);
            this.tokensAndSecrets[accessToken] = accessTokenSecret;
        }

        /// <summary>
        /// Classifies a token as a request token or an access token.
        /// </summary>
        /// <param name="token">The token to classify.</param>
        /// <returns>Request or Access token, or invalid if the token is not recognized.</returns>
        public TokenType GetTokenType(string token)
        {
            throw new NotImplementedException();
        }

        #endregion
    }

    #endregion Supporting class

    private WebConsumer Consumer { get; set; }

    private ConsumerTokenManager TokenManager { get; set; }

    public string AccessToken { get; set; }

    public string TokenSecret { get; set; }

    public void GetAccessTokensFromEtsy(string consumerKey, string consumerKeySecret)
    {
        // Request token: OAuth parameters sent via GET or the Authorization header.
        MessageReceivingEndpoint requestTokenEndpoint = new MessageReceivingEndpoint(
            new Uri("https://openapi.etsy.com/v2/oauth/request_token"),
            HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);

        MessageReceivingEndpoint userAuthEndpoint = new MessageReceivingEndpoint(
            new Uri("https://www.etsy.com/oauth/signin"),
            HttpDeliveryMethods.GetRequest);

        MessageReceivingEndpoint accessTokenEndpoint = new MessageReceivingEndpoint(
            new Uri("https://openapi.etsy.com/v2/oauth/access_token"),
            HttpDeliveryMethods.GetRequest);

        TokenManager = new ConsumerTokenManager(consumerKey, consumerKeySecret);
        Consumer = new WebConsumer(
            new ServiceProviderDescription
            {
                AccessTokenEndpoint = accessTokenEndpoint,
                RequestTokenEndpoint = requestTokenEndpoint,
                UserAuthorizationEndpoint = userAuthEndpoint,
                TamperProtectionElements = new DotNetOpenAuth.Messaging.ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement(), },
                ProtocolVersion = ProtocolVersion.V10
            },
            TokenManager);

        try
        {
            // https://scatteredcode.wordpress.com/2011/12/01/dotnetopenauth-oauth-and-mvc-for-dummies/
            GetAccessTokens();
        }
        catch (Exception ex)
        {
            // Exceptions are swallowed here; nothing is logged or rethrown.
        }
    }

    public void GetAccessTokens()
    {
        try
        {
            // Url to redirect to
            //var authUrl = new Uri(Request.Url.Scheme + "://" + Request.Url.Authority + "/Home/OAuthCallBack");

            // request access
            Consumer.Channel.Send(Consumer.PrepareRequestUserAuthorization(null, null, null));
            var accessTokenResponse = Consumer.ProcessUserAuthorization();

            AccessToken = accessTokenResponse.AccessToken;
            TokenSecret = TokenManager.GetTokenSecret(AccessToken);
        }
        catch (Exception ex)
        {
            // Exceptions are swallowed here; nothing is logged or rethrown.
        }
    }
}
