401 error, "Token not found for {access_token}"

[Cambysses]

Hello,

I'm getting hung up somewhere along the line in the OAuth process but I'm not sure where.

Step 1, I get the request token, no problem.

Step 2, I get the access token, again no problem.

Step 3, I navigate to https://www.tripit.com/oauth/authorize?oauth_token={access_token} and authorize the account (seemingly) succesfully.

But after that, none of my GET requests are succeeding.

Here's the response from a GET to https://api.tripit.com/v1/get/note/id/{myidhere}:

{ "error": "<Response><Error><code>401</code><detailed_error_code>106.200000</detailed_error_code><description>Token not found for {myaccesstokenhere}</description></Error></Response>" }

Any thoughts on what could be causing this? My consumer key and access token are included in the header.

Thanks, Cambysses

[julsat]

Hi Cambysses, I have confirmed that oauth process is working as expected and I do get resources with correct access token. From the list of steps listed above, it looks like you have missed the last one before being able to request resources. After user authorizes the app, you need to request access token which will be used to request resources. You can find instructions how to request in "Step 3: Obtaining an Access Token" http://tripit.github.io/api/doc/v1/index.html#oauth

-Julia

[Cambysses]

Hi Julia,

Thank you for the response. I've gotten the access token working but I'm being presented with a new error:

<Response>
    <Error>
        <code>401</code>
        <detailed_error_code>104.100000</detailed_error_code>
        <description>Invalid Signature</description>
    </Error>
</Response>

I'm still using Postman and my signature settings are exactly the same as for step 1 of retrieving the oauth token which works without any problems. Here's my curl statement:

curl --location --request POST 'https://api.tripit.com/oauth/access_token' \
--header 'Authorization: OAuth oauth_consumer_key="c1e4a09bb08ed4fcb8a3b009743fc3e6d433190b",oauth_token="9146c464cd744c34a9fd823c11530687",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1650390835",oauth_nonce="V6Onk1x20I9",oauth_version="1.0",oauth_signature="XvrmoUmF4TKu5jcVO1z2oStqkSk%3D"'

Any idea what could possibly be wrong between these two steps? I'm at a loss here.

Thanks! Cambysses

[julsat]

Well, by looking at the message, it looks like it is related to signature (https://oauth.net/core/1.0/#signing_process) I would suggest using an oauth library for the language of your choice. The library would generate correct nonce and signatures throughout the process and ensure no manual mistakes.

-Julia

[Cambysses]

I realize the error is complaining about the signature, but the signature is being generated automatically by Postman using the HMAC-SHA1 method. If you're not familiar with Postman it is a very widely used program for testing APIs.

What doesn't make sense is why this exact same signature generation works for the first step? Nothing at all is different in this step. When I look at past issues on this repo I see a lot of other people having the same issue but no clear solution has been posted.

Examples:

250 #239 #235 #272 #244

Some of these found a solution related to php bindings, but I'm not using php - I'm accessing the api directly with postman via curl.

[julsat]

Got Postman working as well. Make sure you are passing correct tokens. Step 3 - requesting access token - requires token/secret from step one. Step 4 - requesting resources - requires token/secret from step 3.

[Cambysses]

Below are my collection and environment for Postman. Could you check this out and see if I am missing something?

Postman.zip

"Step 2" in the collection is where I am getting stuck with the "Invalid Signature" error.

Could you possibly share your Postman collection as well? If I compare mine to yours I may be able to find what I am doing wrong.

[julsat]

Unfortunately, there isn't a single fix for this collection. One of the biggest issues is how Authorization params are passed in POST requests as well as you should be using x-www-form-urlencoded in the body section. As I'm not sure you are doing the intermediate user authorization step which goes between you step 1 and step 2, I'd suggest verifying that this step is done.

or check out existing examples of bindings in tripit repo(there is a number of examples for a variety of languages).

[Cambysses]

Hi there,

I was able to get this working in Postman, although I'm still not sure what the problem was. The last thing I tried was resetting the consumer secret.

However, while Postman is working, my C# project is not. I retrieve the request / access keys just fine, but I get a 401 error when calling the Create() method with my XML. I am able to create the trip object in Postman just fine.

Here is the XML that I am passing into the TripIt.Create() method as a string:

<Request>
    <Trip>
        <start_date>2022-04-10</start_date>
        <end_date>2022-04-17</end_date>
        <is_private>true</is_private>
        <primary_location></primary_location>
    </Trip>
</Request>

Any thoughts on why this would work in Postman but not with my C# bindings?

If possible I'd be happy to schedule a call or screen sharing session with somebody at TripIt to help troubleshoot this.

Thanks, Cambysses

[Cambysses]

Well I should have tried this earlier, but I wiped out my existing TripIt.dll file and downloaded a new one from http://tripit.github.io/api/. It's working now.

I have no idea what the problem was, but this can be closed.