GoogleCodeExporter
commented
8 years ago BTW, I failed to mention the OS. It's on Mac with Snow Leopard and JDK 1.6Original comment by spot...@gmail.com on 13 Jan 2010 at 8:36
Closed GoogleCodeExporter closed 8 years ago
GoogleCodeExporter
commented
8 years ago BTW, I failed to mention the OS. It's on Mac with Snow Leopard and JDK 1.6Original comment by spot...@gmail.com on 13 Jan 2010 at 8:36
GoogleCodeExporter
commented
8 years ago I don't get it. What is that Main program supposed to do? You're configuring it
with
NetFlix credentials and then you try to access a FireEagle resource with these.
Is that the actual code you're using?Original comment by m.kaepp...@gmail.com on 13 Jan 2010 at 8:45
GoogleCodeExporter
commented
8 years ago Also, where do you see the 401? When retrieving one of the tokens or when
sending the
signed POST?Original comment by m.kaepp...@gmail.com on 13 Jan 2010 at 8:48
GoogleCodeExporter
commented
8 years ago I should have removed the commented out code that's referring to FireEagle
stuff.
That commented code is not relevant for this (I am reattaching the file with
everything that's not relevant removed).
I get 401 when I make the call "retrieveRequestToken(OAuth.OUT_OF_BAND)".Original comment by spot...@gmail.com on 13 Jan 2010 at 9:55
Attachments:
GoogleCodeExporter
commented
8 years ago okay I found the reason. It's indeed because the Netflix implementation is
buggy/non-
conformous. FireEagle had the same problem: they forbid empty parameters (e.g.
oauth_token=), even though it's clearly demanded by the standard that ALL
request
parameters must be part of the signature, even those which are empty (cf.
http://oauth.net/core/1.0a/#anchor13 section 9.1.1 paragraph 2).
You may want to raise an issue against the Netflix API about that.
Since this is the second time a service provider had this problem, I decided to
include a compatibility flag into Signpost, which one can use to access service
providers suffering from this issue. This will be part of the 1.2 release,
which will
happen soon.Original comment by m.kaepp...@gmail.com on 13 Jan 2010 at 8:33
GoogleCodeExporter
commented
8 years ago the attached build fixes this problem in the test case you provided.
immediately after creating your consumer, do this:
consumer.setCompatibilityModeForEmptyTokens(true);
and tell me if that fixes your problems.Original comment by m.kaepp...@gmail.com on 13 Jan 2010 at 8:46
Attachments:
GoogleCodeExporter
commented
8 years ago in fact I just realized that the standard is not as clear on this as I
thought... in
appendix A2, it does NOT list the oauth_token parameter as part of the request
in the
example (http://oauth.net/core/1.0a/#anchor43).
You can still use that JAR I posted, but I may have to change it once more...
standards, sigh.Original comment by m.kaepp...@gmail.com on 13 Jan 2010 at 9:06
GoogleCodeExporter
commented
8 years ago Thanks a lot for a quick turn around. I will give a try and let you know.Original comment by spot...@gmail.com on 13 Jan 2010 at 9:15
GoogleCodeExporter
commented
8 years ago I tried this with the snapshot you sent me but it looks like this core is
incompatible with the commons-http4-1.2-SNAPSHOT I have as I am getting the
following
exception:
Exception in thread "main" java.lang.NoSuchMethodError:
oauth.signpost.AbstractOAuthConsumer.<init>(Ljava/lang/String;Ljava/lang/String;
Loauth/signpost/signature/SignatureMethod;)V
at
oauth.signpost.commonshttp.CommonsHttpOAuthConsumer.<init>(CommonsHttpOAuthConsu
mer.java:12)
at Main.main(Main.java:20)
Original comment by spot...@gmail.com on 13 Jan 2010 at 9:24
GoogleCodeExporter
commented
8 years ago Ah crap. Okay, maybe gimme another day for this so I can get this right.
I just had a brief discussion with the Netflix guys on their API forums, and
the
conclusion pretty much is that both client (Signpost) and server (Netflix)
should
make their implementations more relaxing.
I will change Signpost to NOT include the empty token anymore by default, since
most
service providers seem to either accept BOTH solutions (i.e. empty and
non-empty
tokens, e.g. Twitter and Google) or only non-empty tokens (like Netflix).
I will keep that switch though, so clients can decide themselves what they
need, but
that means you'll have to change your code once more since I'll reverse the
logic of
that switch (i.e. create a sendEmptyTokens(yesno) setter).
Thanks for bringing this up, looks like you have discovered a weak spot in the
OAuth
spec :-)Original comment by m.kaepp...@gmail.com on 13 Jan 2010 at 9:33
GoogleCodeExporter
commented
8 years ago I released 1.2. I tested with Netflix and it works for me.
Can you please report back if 1.2 fixes this problem for you, so I can close
the ticket.Original comment by m.kaepp...@gmail.com on 28 Jan 2010 at 9:27
GoogleCodeExporter
commented
8 years ago OK. Will give a try but probably not until Monday. Thanks.Original comment by spot...@gmail.com on 29 Jan 2010 at 2:13
GoogleCodeExporter
commented
8 years ago Matthias,
Yes, the latest version works for me.. Thanks for the good work. Go ahead and
close
the ticket..
SureshOriginal comment by spot...@gmail.com on 3 Feb 2010 at 7:26
GoogleCodeExporter
commented
8 years ago good to hear.Original comment by m.kaepp...@gmail.com on 3 Feb 2010 at 8:58
GoogleCodeExporter
commented
8 years ago i have the following error while i am trying to fetch the LinkedIn feeds:
Exception in thread "main"
oauth.signpost.exception.OAuthCommunicationException: Communication with the
service provider failed: api.linkedin.com
can somebody please helpOriginal comment by arushich...@gmail.com on 25 Dec 2012 at 5:53
Original issue reported on code.google.com by
spot...@gmail.comon 13 Jan 2010 at 8:33Attachments: