Open PreranaPolekar opened 10 years ago
jerryfan2000
commented
10 years ago You don't get accessToken like that. What you did is for making a request when u already have a valid accessToken. You need to find out how to get access Token first. But I can't help you with that becasue I am not a web developer.
PreranaPolekar
commented
10 years ago Hello @jerryfan2000, Thanks a ton for your response. I am not trying to get the access token, I am still stuck in the first step of my authentication process i.e. getting the request token to authorize and then using the "oauth_token" to get the access token. I am able to get the request token when I use HTTP GET method but its not working with POST method where I am suppose to pass all the parameters in "Authorization Header". I am definitely doing something wrong here but unable to figure it out. Any pointers will be of great help! I am literary stuck!!
jescalan
commented
10 years ago I am having the same issue. After issuing an entirely valid OAuth request to this endpoint, I'm getting back a 401 with the text Invalid OAuth Request, and nothing else. This is really challenging to debug, since I don't know what's going wrong at all.
PreranaPolekar
commented
10 years ago @jenius Exactly!! Any pointers from community or 500px support team will be of great help. Its been months now and I am unable to add this service in my app which I really want to..:(
freeatnet
commented
10 years ago @PreranaPolekar I'm sorry to hear you are still having trouble with this. We also support OAuth2, would you be willing to try that?
As far as this implementation goes, I can't help but notice that you are not enclosing oauth_signature in double quotes. Otherwise, an issue of this kind desperately needs a trace of the HTTP request headers and an inspection of the OAuth signature base string, could you post it up?
EDIT: @PreranaPolekar, I just realized you are not providing OAuth header to the signing method. OAuth parameters need to be included into the signature, can you check that out?
PreranaPolekar
commented
10 years ago @freeatnet Thanks a ton for the reply. I would definitely love to try Oauth2, anything that can help me to use 500px. Can you tell me the endpoints for using Oauth2 sorry but I couldn't find anything related to it in api-documentation.
Like you suggested, I tried putting double quotes around signature it threw 500 Internal Server Error. I tried validating my Oauth signature base string online it threw following error : -
Base String syntax: OK
Method type: OK
Hostname: unrecognized hostname "api.500px.com"
URL: OK
Parameters syntax: OK
Success!
The tool was not able to find anything wrong with your Base String! However, this does not always mean that your Base String is perfect, because there are always things which the tool cannot detect.
The fields below are how the tool parsed your Base String. Please verify that all of these values are correct.
Method POST
URL https://api.500px.com/v1/oauth/request_token
oauth_consumer_key 07lIQYW4clmu8XuxP9CHI4XBy528gl2zEgyBL1kN
oauth_nonce 1965023
oauth_signature_method HMAC-SHA1
oauth_timestamp 1410505671
oauth_version 1.0Following is my base string:
POST&https%3A%2F%2Fapi.500px.com%2Fv1%2Foauth%2Frequest_token&oauth_consumer_key%3D07lIQYW4clmu8XuxP9CHI4XBy528gl2zEgyBL1kN%26oauth_nonce%3D1965023%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1410505671%26oauth_version%3D1.0Regarding generating signature and Authorization header I am using the following doc:- http://oauth.net/core/1.0a/
I have provided the Authorization header :-
request.Headers.Add("Authorization", "OAuth oauth_callback=\"http://www.abcxyz.com\",oauth_consumer_key=\"" +consumerKey + "\",oauth_nonce=\"" +nonce + "\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"" + timeStamp + "\", oauth_version=\"1.0\",oauth_signature=\"" + signature +"\"");and I have created the signature exactly the same way as mentioned in the doc. Am I getting you wrong? Any help will be highly appreciated. Thanks a ton in advance.
PreranaPolekar
commented
10 years ago Any update on this?
Whyounes
commented
9 years ago Same problem here, using OAuth2
jcsogo
commented
9 years ago @Whyounes any doc on OAuth2.0 support in 500px? I only can find a OAuth1 process in the docs.
Whyounes
commented
9 years ago Because 500px API is similar to the Twitter API, i followed this article, but i'm stuck at the request_token phase.
PreranaPolekar
commented
9 years ago This seems to be a issue with Oauth 2.0 too... After months of toiling and research I am extremely disappointed to say that I couldnot get it working :( Really wanted to add 500px as a service into my product but no luck at all :( :(.. @Whyounes if you get this working please do post it here.
jcsogo
commented
9 years ago @PreranaPolekar @Whyounes Couple of things:
I would recommend you to stick to those parameters strictly asked for in the oAuth 1.0 specs, http://oauth.net/core/1.0/#anchor9 and forget a bit about what I think it is some outdated information.
Whyounes
commented
9 years ago I'm doing it this way.
1- Post to oauth/request_token with oauth_callback as parameter.
2- I redirect the user to the provider oauth/authorize?oauth_token=TOKEN?oauth_callback=http://......php
3- Inside my callback i receive an oauth_verifier, and post it to the oauth/access_token endpoint with the oauth_verifier in the body.
After that i get a 401 Unauthorized error. I'm a doing something wrong here?
Whyounes
commented
9 years ago @PreranaPolekar I think that the API doesn't support the standard way of authenticating using OAuth, they use XAuth for the third phase.
After retrieving the token, you need to provide the username and password. i got it to work using Guzzle this way.
$px = App::make('pxoauth');
$res = $px->client->post('oauth/access_token', ["body" => [
'x_auth_mode' => 'client_auth',
'x_auth_username' => 'your_username',
'x_auth_password' => 'your_password',
'oauth_callback' => 'http://vaprobash.dev/oauth_callback'
]])->json();@Whyounes that is not true. They support the standard oAuth process. I had problems with the 3rd step because the documentation is wrong and I was adding a oauth_callback parameter to the last step, which is not according to the spec. The server was returning an Error 500. Once I took it out, everything is working like a charm.
PreranaPolekar
commented
9 years ago @Whyounes Congrats you got it working!! But then whats the use of Oauth if we have to use the username and password of the user :( They do support the standard Oauth Process, I had got it working till the second step using GET method but couldnot move a inch using POST method.
@jcsogo I was getting the 500 Internal Server Error too, never tried removing the oauthcallback parameter, will try and get back to you soon meanwhile can you please share the working authentication code? It will help me to figure out my mistakes. Regarding passing the oauth* parameters in url string, I am not passing them in url string, the oauth_* are being passed in request headers. Thanks a ton in advance!
Whyounes
commented
9 years ago @jcsogo So you passed only the oauth_verfier in the POST body? because that's what i was doing, but it didn't work, i also removed the oauth_callback. Can you post the third step working code!
jcsogo
commented
9 years ago You can peek at the code here https://github.com/jcsogo/darktable/commits/500px
jcsogo
commented
9 years ago @PreranaPolekar I am also using POST, so passing those parameters in the header, but what I have learned is that using GET for debug purposes is much convenient, as you see those being passed in the URL, which is easier to debug.
petermolnar
commented
9 years ago I'm struggling with the same either 500 or 401 returns when trying to extend a WordPress plugin named Keyring. It's a framework for OAuth credentials, it is working with OAuth1 ( Twitter, for example ) and both OAuth2 ( Facebook ) perfectly - unlike 500px.
An example of token request GET:
https://api.500px.com/v1/oauth/request_token?oauth_callback=https://petermolnar.eu/wp-admin/tools.php?page=keyring&
action=verify&
kr_nonce=4c7e8cacc8&
nonce=d20c0bf22f&
service=500px&
state=10092&
oauth_consumer_key=CONSUMER_KEY
oauth_nonce=c3388a2e9710eeb544c6abf352c3988d&
oauth_signature=om5t+PzBAIK1AIqgqD4Wdut+Ilg=&
oauth_signature_method=HMAC-SHA1&
oauth_timestamp=1424195296&
oauth_version=1.0( linebreaks are only in place for readability ) and I get [status] => 401 Unauthorized [body] => Invalid OAuth Request
in response. Same with POST.
Twitter, on the other hand, with the same framework, with technically identical code ( only the endpoints and the classname is changed ), sends the exact same request - only the Twitter endpoints instead - and it returns a token, just as expected.
Any idea how to remotely fix the OAuth endpoint of 500px? Because it is broken.
jcsogo
commented
9 years ago I think that the problem is that 500px API is quite picky with the parameters it accepts. In this case you are adding more parameters to the URL than the one strictly supported in the oAuth spec, and that is why you get the 500 or the 401 error codes.
On Tue, Feb 17, 2015 at 7:02 PM, Peter Molnar notifications@github.com wrote:
I'm struggling with the same either 500 or 401 returns when trying to extend a WordPress plugin named Keyring. It's a framework for OAuth credentials, it is working with OAuth1 ( Twitter, for example ) and both OAuth2 ( Facebook ) perfectly - unlike 500px.
An example of token request GET:
https://api.500px.com/v1/oauth/request_token?oauth_callback=https://petermolnar.eu/wp-admin/tools.php?page=keyring& action=verify& kr_nonce=4c7e8cacc8& nonce=d20c0bf22f& service=500px& state=10092& oauth_consumer_key=CONSUMER_KEY oauth_nonce=c3388a2e9710eeb544c6abf352c3988d& oauth_signature=om5t+PzBAIK1AIqgqD4Wdut+Ilg=& oauth_signature_method=HMAC-SHA1& oauth_timestamp=1424195296& oauth_version=1.0 https://api.500px.com/v1/oauth/request_token?oauth_callback=https://petermolnar.eu/wp-admin/tools.php?page=keyring&action=verify&kr_nonce=4c7e8cacc8&nonce=d20c0bf22f&service=500px&state=10092&oauth_consumer_key=CONSUMER_KEYoauth_nonce=c3388a2e9710eeb544c6abf352c3988d&oauth_signature=om5t+PzBAIK1AIqgqD4Wdut+Ilg=&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1424195296&oauth_version=1.0
( linebreaks are only in place for readability ) and I get [status] => 401 Unauthorized [body] => Invalid OAuth Request
in response. Same with POST.
Twitter, on the other hand, with the same framework, with technically identical code ( only the endpoints and the classname is changed ), sends the exact same request - only the Twitter endpoints instead - and it returns a token, just as expected.
Any idea how to remotely fix the OAuth endpoint of 500px? Because it is broken.
— Reply to this email directly or view it on GitHub https://github.com/500px/api-documentation/issues/96#issuecomment-74717452 .
José Carlos García Sogo jcsogo@gmail.com
jescalan
commented
9 years ago It is quite picky, and gives you no feedback on what was wrong if you don't get them all right. Really very difficult to handle, honestly.
In case anyone is using node trying to do this, I did eventually figure out how to make it work through a library and have a mostly finished API wrapper here. You can either use this or dig into it a little (structure is quite simple) to see how the authenticated requests are made. It's fully tested as well.
petermolnar
commented
9 years ago @jcsogo according to the specification - as far as I'm reading the right section of "Redirection-Based Authorization" / "Temporary Credentials" - I should provide the following:
POST /request_temp_credentials HTTP/1.1
Host: server.example.com
Authorization: OAuth realm="Example",
oauth_consumer_key="jd83jd92dhsh93js",
oauth_signature_method="PLAINTEXT",
oauth_callback="http%3A%2F%2Fclient.example.net%2Fcb%3Fx%3D1",
oauth_signature="ja893SD9%26"So far I've tried ( all GET with Authorization: OAuth realm="api.500px.com" header ) the following to get the initial connection working:
https://api.500px.com/v1/oauth/request_token?
oauth_consumer_key=CONSUMER_KEY&
oauth_nonce=31799bccff4e2c69460ecb3372d6b09b&
oauth_signature=1/3uJzyYKXoILJMj1Q0eTqnqqpI=&
oauth_signature_method=HMAC-SHA1&
oauth_timestamp=1424212514https://api.500px.com/v1/oauth/request_token?
oauth_consumer_key="CONSUMER_KEY"&
oauth_nonce="b8aa3b86cea9abdee6dc5ec98f834e43"&
oauth_signature="19Isy3WxSweXMNDSzvQv1ehqgx8="&
oauth_signature_method="HMAC-SHA1"&
oauth_timestamp="1424212435"'https://api.500px.com/v1/oauth/request_token?
oauth_consumer_key=CONSUMER_KEY&
oauth_signature=IXIx6iPnRErtXstcDCfhPVuJVD0=&
oauth_signature_method=HMAC-SHA1https://api.500px.com/v1/oauth/request_token?
oauth_consumer_key="CONSUMER_KEY"&
oauth_signature="1CpEx5zvZz8w3YluxyuQYJ52IhU="&
oauth_signature_method="HMAC-SHA1"https://api.500px.com/v1/oauth/request_token?
oauth_callback="https://petermolnar.eu/wp-admin/tools.php?page=keyring&service=500px"&
oauth_consumer_key="CONSUMER_KEY"&
oauth_signature="Q/D01Ehe4CvwUQnadiQnyby+ITI="&
oauth_signature_method="HMAC-SHA1"https://api.500px.com/v1/oauth/request_token?
oauth_callback=https://petermolnar.eu/wp-admin/tools.php?page=keyring&service=500px&
oauth_consumer_key=CONSUMER_KEY&
oauth_signature=OxB+SgKSr0y4xEcTV9bIsNwlTkc=&
oauth_signature_method=HMAC-SHA1All of these resulted a 401 response.
I'd really like to ask 500px to document what exact parameters and that in what way do they require those parameters, because it's kind of annoying that this lib works with [ delicious.com, Facebook, Flickr, Twitter, Eventbrite, Foursquare, Google Contacts, Instagram, Instapaper, LinkedIn, Moves, RunKeeper, TripIt, Tumblr, Yahoo! Updates ] without a glitch and only fails on 500px.
jcsogo
commented
9 years ago Another thing is that nonce has to be a string of 8 numbers. Trying to use something that is different make it fail. You can see what I am using here https://github.com/jcsogo/darktable/blob/500px/src/common/oauth1.c and here for the params that are passed in the URL https://github.com/jcsogo/darktable/blob/500px/src/imageio/storage/500px.c
It is not finished, but logs in.
On Wed, Feb 18, 2015 at 12:02 AM, Peter Molnar notifications@github.com wrote:
@jcsogo https://github.com/jcsogo according tothe specification http://tools.ietf.org/html/rfc5849#section-2.1 - as far as I'm reading the right section of "Redirection-Based Authorization" / "Temporary Credentials" - I should provide the following:
POST /request_temp_credentials HTTP/1.1 Host: server.example.com Authorization: OAuth realm="Example", oauth_consumer_key="jd83jd92dhsh93js", oauth_signature_method="PLAINTEXT", oauth_callback="http%3A%2F%2Fclient.example.net%2Fcb%3Fx%3D1", oauth_signature="ja893SD9%26"So far I've tried ( all GET with Authorization: OAuth realm="api.500px.com" header ) the following to get the initial connection working:
https://api.500px.com/v1/oauth/request_token? oauth_consumer_key=CONSUMER_KEY& oauth_nonce=31799bccff4e2c69460ecb3372d6b09b& oauth_signature=1/3uJzyYKXoILJMj1Q0eTqnqqpI=& oauth_signature_method=HMAC-SHA1& oauth_timestamp=1424212514 https://api.500px.com/v1/oauth/request_token?oauth_consumer_key=CONSUMER_KEY&oauth_nonce=31799bccff4e2c69460ecb3372d6b09b&oauth_signature=1/3uJzyYKXoILJMj1Q0eTqnqqpI=&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1424212514
https://api.500px.com/v1/oauth/request_token? oauth_consumer_key= https://api.500px.com/v1/oauth/request_token?oauth_consumer_key="CONSUMER_KEY"& oauth_nonce="b8aa3b86cea9abdee6dc5ec98f834e43"& oauth_signature="19Isy3WxSweXMNDSzvQv1ehqgx8="& oauth_signature_method="HMAC-SHA1"& oauth_timestamp="1424212435"'
https://api.500px.com/v1/oauth/request_token? oauth_consumer_key=CONSUMER_KEY& oauth_signature=IXIx6iPnRErtXstcDCfhPVuJVD0=& oauth_signature_method=HMAC-SHA1 https://api.500px.com/v1/oauth/request_token?oauth_consumer_key=CONSUMER_KEY&oauth_signature=IXIx6iPnRErtXstcDCfhPVuJVD0=&oauth_signature_method=HMAC-SHA1
https://api.500px.com/v1/oauth/request_token? oauth_consumer_key= https://api.500px.com/v1/oauth/request_token?oauth_consumer_key="CONSUMER_KEY"& oauth_signature="1CpEx5zvZz8w3YluxyuQYJ52IhU="& oauth_signature_method="HMAC-SHA1"
https://api.500px.com/v1/oauth/request_token? oauth_callback= https://api.500px.com/v1/oauth/request_token?oauth_callback="https://petermolnar.eu/wp-admin/tools.php?page=keyring&service=500px"& oauth_consumer_key="CONSUMER_KEY"& oauth_signature="Q/D01Ehe4CvwUQnadiQnyby+ITI="& oauth_signature_method="HMAC-SHA1"
https://api.500px.com/v1/oauth/request_token? oauth_callback=https://petermolnar.eu/wp-admin/tools.php?page=keyring&service=500px& oauth_consumer_key=CONSUMER_KEY& oauth_signature=OxB+SgKSr0y4xEcTV9bIsNwlTkc=& oauth_signature_method=HMAC-SHA1 https://api.500px.com/v1/oauth/request_token?oauth_callback=https://petermolnar.eu/wp-admin/tools.php?page=keyring&service=500px&oauth_consumer_key=CONSUMER_KEY&oauth_signature=OxB+SgKSr0y4xEcTV9bIsNwlTkc=&oauth_signature_method=HMAC-SHA1
All of these resulted a 401 response.
I'd really like to ask 500px to document what exact parameters and that in what way do they require those parameters, because it's kind of annoying that this lib https://wordpress.org/plugins/keyring/ works with [ delicious.com, Facebook, Flickr, Twitter, Eventbrite, Foursquare, Google Contacts, Instagram, Instapaper, LinkedIn, Moves, RunKeeper, TripIt, Tumblr, Yahoo! Updates ] without a glitch and only fails on 500px.
— Reply to this email directly or view it on GitHub https://github.com/500px/api-documentation/issues/96#issuecomment-74774392 .
José Carlos García Sogo jcsogo@gmail.com
petermolnar
commented
9 years ago Another thing is that nonce has to be a string of 8 numbers
That is definitely not according to the documentation, especially because the nonce field is not used in the 2.1 example there.
jcsogo
commented
9 years ago Stick to this http://oauth.net/core/1.0/#anchor9 (document referenced from 500px api) and disregard whatever thing the API documentation itself says, there are errors in it.
On Wed, Feb 18, 2015 at 12:16 AM, Peter Molnar notifications@github.com wrote:
Another thing is that nonce has to be a string of 8 numbers That is definitely not according to the documentation, especially, because the nonce field is not used in the 2.1 example there.
— Reply to this email directly or view it on GitHub https://github.com/500px/api-documentation/issues/96#issuecomment-74776494 .
José Carlos García Sogo jcsogo@gmail.com
petermolnar
commented
9 years ago :: massive amount of swearwords :: it turned out that copy pasting the keys from the app page of 500px inserts a space in front of both the key and the secret...
Mea culpa. I got it working.
fullphat
commented
9 years ago This has caused me a ton of pain as well. I was stuck at the very first (request_token) step. The 500px documentation is very inaccurate and pointers to simply use the standard OAuth 1.0 flow are misleading as well. In the end, this code: http://stackoverflow.com/questions/24304681/500-px-api-with-c-sharp-throwing-500-internal-server-error was my salvation and shows how simple the process actually is if only the documentation was correct.
I'm totally new to C# (started with it last week) and OAuth so it's been a steep learning curve anyway. Here's what I found for getting the initial request_token process to work:
Once it's working, you take the oauth_token and ouath_token_secret that were provided in the body of the reply to request_token and this time fire up a form with a browser control in it as now the user will be asked to authorise your application (and log in to 500px if necessary).
Once again, the callback URL is not required (I assume 500px simply get it from your application's registration information) and the browser will be directed to it with the oauth_token and oauth_verifier in the URL as parameters. And, once again, I found a GET works whereas a POST does not.
Hope this helps others who are struggling!
z-vr
commented
8 years ago Despite the fact that the API uses OAuth 1.0a, the version parameter should be set to 1.0 and not 1.0a.
myke11j
commented
5 years ago I'm trying to get request access token for OAuth and followed everything as per documentation. But I'm kept getting the error message, "Invalid signature for signature method HMAC-SHA1".
I think I'm either missing some step in creating signature or doing something wrong.
Language used: Nodejs (JavaScript) URL: https://connectapi.garmin.com/oauth-service/oauth/request_token
Steps to create oauth token:
Am I doing something wrong?
montanizstills
commented
4 years ago Use postman auth. Preview the request, use same format.
I am trying to make an http POST request for 'oauth/request_token ' in authentication process but its throwing 'The remote server returned an error: (401) Unauthorized.' Tried various ways to form request but no help. Unable to figure out what exactly is missing in request. Following is my code :
Desperately want to add 500px as a service in my application, had given up on it two months ago as my issue here https://github.com/500px/api-documentation/issues/84 couldn't have been resolved. Thought of giving it a fresh start, any kind of help will be highly appreciated!