Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi, i have installed Services and oAuth module, but i can't authenticate to my REST server.
The error i get when i try to call service ( http://drupalsite/endpoint/node/1?oauth_consumer_key=eAQjV6.... ) with my access_token and other details is "NetworkError: 401 Unauthorized:The consumer is not authorized to access this service".
I have created oAuth context. REST server is using oAuth auth and with my created context.
Also i have created Consumer which has the same context.
Maybe i have missed some configuration? or is this bug?
Thanks.
Comments
Comment #1
kylebrowning CreditAttribution: kylebrowning commentedThis is an oAuth bug.
Comment #2
edb CreditAttribution: edb commentedCould you share the code you have used to get up to this point? There is zero documentation around for this stuff and it would be useful for others to take a look.
Comment #3
borys CreditAttribution: borys commentedYou can follow this instructions to get all needed keys and authorize your application:
http://groups.drupal.org/node/131039#comment-426184
Then i have used "example/index.php" file from this library (http://oauth.googlecode.com/svn/code/php/), filled all keys, that should look something like this:
Then you can go to this page and the last link should look something like this:
Example
http://drupalsite/endpoint/node/1?oauth_consumer_key=eAQjV6K3ob99TSebb3d...
This link should call API, but i get 'The consumer is not authorized to access this service' error.
If you will get this working with Services 3.x and Drupal 7, please share the information.
Comment #4
solange_k CreditAttribution: solange_k commentedI have the same problem, using OAuth Authentication 7.x-3.1, Services 7.x-3.1 + REST Server 7.x-3.1, I've configured everything correctly as far as I can tell, ie, created context, consumer, and set to use "Enable the oauth provider" etc , I'm using http://code.google.com/p/oauth/ to test (having downloaded svn on localhost) with all the required parameters (key + secret) and invariably the server response is "401 Unauthorized: Invalid signature".
I've tried everything.... anyone have any clues? ?
Thanks
Comment #5
jobeirne CreditAttribution: jobeirne commentedWhich version of the OAuth module is everyone using? I highly recommend working off of a dev branch, and then pegging to a specific commit when you find a version that works for you.
After having installed OAuth/Services/REST Server, creating a context, and creating a consumer, I've followed the instructions here (under 'Obtaining an Access Token Pair'). I then use Groovy's HTTPBuilder to communicate with the Drupal endpoint, also detailed in the link above.
The above works fine for me. I wonder if there's a misunderstanding in your use of (or a bug in) the PHP library you're using to make requests.
James
Comment #6
Alan Evans CreditAttribution: Alan Evans commentedJust a suggestion here - I'm opening a separate issue about updating the OAuth.php lib from google in oauth.module, but in my case this was the solution to my authentication woes on services. Problems arise if you have API client code using the latest google OAuth.php to sign a request, but oauth.module uses an older version which has some issues.
You can try downloading the latest from google ( http://oauth.googlecode.com/svn/code/php/ ) , and replacing the bundled file under oauth/lib/ with the new one and see if that helps. There aren't many changes, but the $_SERVER['SERVER_NAME'] change is massively significant if you use a non-standard port.
Comment #7
Alan Evans CreditAttribution: Alan Evans commentedSee also #1337718: OAuthRequest->http_url defaults to having the port twice! - this is one possible cause of auth failures (client code signs with a different url as the server verifying). Note that the main issue that is addressed here only applies if you're using a non-standard port.
Comment #8
TriangleTodd CreditAttribution: TriangleTodd commentedI don't know that a lot of people here write or know perl, but it's what I use for OAuth testing. Hope it helps.
Note: I have yet to get OAuth working and I am receiving the error in this bug report. If I'm doing something wrong in the script below please let me know. If there is a patch you can point me to for this particular issue that would also be appreciated.
Comment #9
christianchristensen CreditAttribution: christianchristensen commented(Note: this patch is against 6.x-3.x, but I think this might need some thought...)
I noticed I was getting an Invalid signature against OAuth as a server regardless of what client I was trying. Upon debugging it turned out the bit trying to parse the query string and avoid collision with "q" was being triggered, even though the client wasn't aware of a "q" parameter. I suspect this b/c I am using nginx+php-fpm with rewrite rules, which seems like it could be a more broad problem. My solution here was to do one last ditch detection looking for "oauth/" in the "q" query string.
Comment #10
christianchristensen CreditAttribution: christianchristensen commentedUpdating this patch with consideration for port information as well - these seem like additional options relevant to a representative drupal installations.
Comment #11
christianchristensen CreditAttribution: christianchristensen commentedCleaner version of #10
Comment #12
glennpratt CreditAttribution: glennpratt commentedI wouldn't even hide this behind a variable. Drupal carefully built $base_url for you and provides options to override it.
As far as I can tell, the code in the OAuth library is wrong, it will break on a reverse proxy or if your servers hostname isn't set to the public hostname. See:
http://code.google.com/p/oauth/source/browse/code/php/OAuth.php#258
Comment #13
glennpratt CreditAttribution: glennpratt commentedDreditor changed status on me.
Comment #14
christianchristensen CreditAttribution: christianchristensen commented@glennpratt Fair point!
Comment #15
christianchristensen CreditAttribution: christianchristensen commentedI have been working through this a bit more and based on my earlier patch, matching on "oauth/" in the path, this does not account for the variety of ways other URL strings could be called (i.e. services_oauth). I am offering up a compromise here to ignore all "q=" query path options (default drupal case) until a more reasonable comparison to pull out "q=" passed vs. "q=" from drupal cases.
Comment #16
devkinetic CreditAttribution: devkinetic commentedchristianchristensen, your patch in #15 has resolved my separate issue #1536852: WSOD on oauth/request_token
Comment #17
miqmago CreditAttribution: miqmago commentedAfter appliyng #15 I get "401 Unauthorized: Invalid signature" when requesting a token with valid consumer and valid consumer secret. When reverting the patch this error disappears.
GET /public_html/oauth/request_token?oauth_consumer_key=yrh...&oauth_nonce=ea0...&oauth_signature=C5B...&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1336214121&oauth_version=1.0 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ca,es-es;q=0.8,es;q=0.6,en-us;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/android_tests/oauth_test/example/client.php
Cookie: has_js=1
oauth_consumer_key yrh...
oauth_nonce ea0...
oauth_signature C5B...
oauth_signature_method HMAC-SHA1
oauth_timestamp 1336214121
oauth_version 1.0
Comment #18
miqmago CreditAttribution: miqmago commentedI haven't seen this was a D6 patch. Anyway, is this appliyng to D7?
Comment #19
miqmago CreditAttribution: miqmago commentedAfter scratching and scratching my head, I see this is a documentation & design problem.
Please, see this StackOverflow question
Comment #20
kylebrowning CreditAttribution: kylebrowning commentedto be clear you should probably be using Services 7.x-3.x-dev it has updates to the services oauth module that may fix your issues.
I have successfully created an endpoint, and made successful 2 legged AND 2 legged oath calls.
I really think he oath module is in bad bad shape and I cant really decide if I should start a new branch and do it correctly. or fix the latest dev :/
The usability behind it is terrible and Im going to start cleaning it up pretty soon.
Comment #21
Syntapse CreditAttribution: Syntapse commentedThat's great news. i put oauth testing aside since my first post, but i'll get back on to testing once there's a cleaner build to test... An set of accompanying videos or recipes would be great. I'm happy to contribute once I get some use cases going...
Comment #22
eojthebraveJust wanted to chime in and say that I am also making successful 2-legged calls with the latest dev release of services (7.x-3.x), and that it does not work with the 7.x-3.1 release.
Comment #23
muschpusch CreditAttribution: muschpusch commentedCould please someone share how he achieved this? Should it still work on current dev?
Comment #24
alandarev CreditAttribution: alandarev commentedI am newbie in OAuth + Services, but wanted to try 'industrial standards' while writing my internal infrastructure.
What can go wrong? Just install few stable modules, configure then and done! Sadly NO...
Ok, sorry for abstract. Have been having same issue with 7.x-3.1 stable Services and 7.x-3.0 OAuth.
After reading this article, decided to try 7.x-3.x dev of Services, and it seems to be working now (in 3 legged OAuth + REST )
So I advice you trying dev branch of Services.
Comment #25
muschpusch CreditAttribution: muschpusch commentedI failed even with services in dev. Moved back to session authentification. Did you apply any patches?
Comment #26
alandarev CreditAttribution: alandarev commentedThe described issue seems to be fixed in 7.x-3.x-dev as pointed out in comments #20, #22, #24