Issues connecting to oauth login provider [#1214928]

Am getting the following error:

Fatal error: Uncaught exception 'Exception' with message 'Failed to fetch data from url "http://bakery.local/oauth/request_token" (HTTP response code 401 Unauthorized: Invalid signature): ' in /Users/rachel/Web/bread.bakery.local/public/sites/all/modules/oauth/includes/DrupalOAuthClient.inc:347

Stack trace:

#0 /Users/rachel/Web/bread.bakery.local/public/sites/all/modules/oauth/includes/DrupalOAuthClient.inc(123): DrupalOAuthClient->get('/oauth/request_...', Array)

#1 /Users/rachel/Web/bread.bakery.local/public/sites/all/modules/oauthconnector/oauthconnector.module(388): DrupalOAuthClient->getRequestToken('/oauth/request_...', Array)

#2 /Users/rachel/Web/bread.bakery.local/public/includes/form.inc(781): _oauthconnector_button(Array, Array)

#3 /Users/rachel/Web/bread.bakery.local/public/includes/form.inc(421): form_execute_handlers('submit', Array, Array)

#4 /Users/rachel/Web/bread.bakery.local/public/includes/form.inc(120): drupal_process_form('connector_butto...', Array, Array)

#5 /Users/rachel/Web/bread.bakery.local/publ in /Users/rachel/Web/bread.bakery.local/public/sites/all/modules/oauth/includes/DrupalOAuthClient.inc on line 347

Have placed my setup here:

https://github.com/didlix/Drupal-OAuth

As far as I can tell, all my signature stuff is setup properly.

Comments

Comment #1

niccolox CreditAttribution: niccolox commented 17 July 2011 at 06:40

very interested in the outcome of this

I am looking at using OAuth for a Drupal-Drupal single-sign-on type solution http://groups.drupal.org/node/140874#comment-526854

did you get the Oauth provider approach to work ?

Comment #2

voxpelli CreditAttribution: voxpelli commented 17 July 2011 at 12:35

For the reference - I myself have the OAuth Login Provider approach working as that's one of my main testing methods when building OAuth Connector. So it should work - just need to find some time to help didlix debug this.

Comment #3

niccolox CreditAttribution: niccolox commented 19 July 2011 at 05:31

am working through set-up now...

question, do you need to do authorization for every new user? or do you create one trusted connection between sites and all users can piggy-back on this?

in short, does it allow single-signon?

Comment #4

didlix CreditAttribution: didlix commented 20 July 2011 at 16:42

My understanding is that you create one trusted connection between sites.

Comment #5

voxpelli CreditAttribution: voxpelli commented 25 July 2011 at 18:58

It should work like logging in through Twitter - only issue is that the second time you log in it isn't done automatically like Twitter does - the OAuth module needs to be tweaked a bit to support that and the work that was started on that never got finished it seems.

Comment #6

niccolox CreditAttribution: niccolox commented 26 July 2011 at 04:01

hey voxpelli, could you perhaps release the oauth install profile you used in your video demo?

Comment #7

voxpelli CreditAttribution: voxpelli commented 26 July 2011 at 13:38

I unfortunately have no install profile - I only have this exported configuration: https://gist.github.com/1069596

Comment #8

MegaChriz CreditAttribution: MegaChriz commented 27 July 2011 at 10:01

I'm getting the same error as didlix.

Client site: http://192.168.0.203:6015
Server site: http://192.168.0.203:6016

The server website and the client website are setup on the same server. They are both setup locally and can only be accessed from within the network. I followed the steps described at http://groups.drupal.org/node/140874#comment-544684

Modules installed on client:
- Drupal core 6.22
- Autoload 6.x-2.1
- Chaos tool suite 6.x-1.x-dev (2011-07-26)
- Connector 6.x-1.0-alpha1
- Http Client 6.x-2.1
- Http Client OAuth 6.x-2.1
- OAuth 6.x-3.0-beta4
- OAuth Connector 6.x-1.0-alpha1

Modules installed on server:
- Drupal core 6.22
- Autoload 6.x-2.1
- Chaos tool suite 6.x-1.x-dev (2011-07-26)
- OAuth 6.x-3.0-beta4
- OAuth Provider UI 6.x-3.0-beta4
- OAuth Login Provider 6.x-1.1
- Services 6.x-3.0-rc1
- OAuth Authentication 6.x-3.0-rc1
- REST Server 6.x-3.0-rc1

Server configurations
Configuration for one authenticated user:
Authorizations
(None listed)
Consumers
Consumer name: drupal_6015
Callback url: oob
Key: QrmSYu4Yh7MyyMVAu9SvmQQEag6o8Z2g
Secret: VihSFLyEAiGwC5fujVdnDcQvhSXbHqeS
The callback url, key and secret where generated by the module.

OAuth context settings (I added plaintext as a signature method to see if that would make any difference):

<?php
$context = new stdClass;
$context->disabled = FALSE; /* Edit this to true to make a default context disabled initially */
$context->api_version = 1;
$context->name = 'oauthlogin';
$context->title = 'OAuth login';
$context->authorization_options = array(
  'access_token_lifetime' => '120',
  'page_title' => 'Login to @appname',
  'message' => 'Hi @user! Click on the "login" button to log in to @appname. This will log you in to @appname and give it access to details like your username and email, but not to your password.',
  'warning' => 'Click here if you didn\'t ask to be logged in to @appname.',
  'deny_access_title' => 'Cancel',
  'grant_access_title' => 'Login',
  'disable_auth_level_selection' => 1,
  'signature_methods' => array(
    0 => 'PLAINTEXT',
    1 => 'HMAC-SHA1',
    2 => 'HMAC-SHA256',
    3 => 'HMAC-SHA384',
    4 => 'HMAC-SHA512',
  ),
  'default_authorization_levels' => array(
    0 => 'user_info',
  ),
);
$context->authorization_levels = array(
  'user_info' => array(
    'name' => 'user_info',
    'title' => 'Yes, I want to log in to @appname as @user',
    'description' => 'This will log you in to @appname and give it access to details like your username and email, but not to your password.',
    'default' => 1,
    'delete' => 0,
  ),
);
?>

Permissions: the anonymous and the authenticated user got all permissions from oauth_common and services.

Client site configurations
OAuth Connector Provider settings

<?php
$provider = new stdClass;
$provider->disabled = FALSE; /* Edit this to true to make a default provider disabled initially */
$provider->name = 'drupal_6016';
$provider->title = 'Drupal 6016';
$provider->url = 'http://192.168.0.203:6016';
$provider->consumer_advanced = array(
  'signature method' => 'HMAC-SHA512',
  'authentication realm' => '',
  'request token endpoint' => '/oauth/request_token',
  'authorization endpoint' => '/oauth/authorize',
  'access token endpoint' => '/oauth/access_token',
);
$provider->mapping = array(
  'fields' => array(
    'uid' => array(
      'resource' => 'http://192.168.0.203:6016/oauthlogin/api/user/info',
      'method post' => 1,
      'field' => 'uid',
      'querypath' => FALSE,
    ),
    'real name' => array(
      'resource' => 'http://192.168.0.203:6016/oauthlogin/api/user/info',
      'method post' => 1,
      'field' => 'name',
      'querypath' => FALSE,
    ),
    'avatar' => array(
      'resource' => '',
      'method post' => 0,
      'field' => '',
      'querypath' => FALSE,
    ),
  ),
  'format' => 'php',
);
?>

Permissions: the anonymous and the authenticated user got all permissions from oauth_common.

Comment #9

pingwin4eg

Zaporizhia 🇺🇦

CreditAttribution: pingwin4eg commented 1 September 2011 at 13:07

Catch 406 Not Acceptable when trying to request token from twitter.
Removed header Accept: application/x-www-form-urlencoded - catched 401 Unauthorized.
Is that header should be sent to api at all? Or what's it for?

Comment #10

pingwin4eg

Zaporizhia 🇺🇦

CreditAttribution: pingwin4eg commented 2 September 2011 at 06:54

My fault. That header is sending by oauth module.
I found a solution for my twitter app: 'callback url' field just shouldn't be blank.

Comment #11

bonn CreditAttribution: bonn commented 6 January 2012 at 08:48

I have oauth provider at siteA, and oauth connector at siteB.
siteA has 2 users: root and admin.
siteB has just 1 user: root, and the 'Connect with siteA' button block.

in siteA, I generated consumer key and secret for user root to be used for connector configuration at siteB.

In siteB, I clicked 'Connect with siteA' using siteA admin user, then redirected to siteA with Oauth login page, then I clicked the login button and a message 'Authorization finished' was displayed.

I visited siteB in an new URL, but I don't automatically logged-in with admin user?

Are above process flows correct?

Comment #12

shenzhuxi CreditAttribution: shenzhuxi commented 30 November 2012 at 12:15

Version:

6.x-1.x-dev

» 7.x-1.x-dev

I got success on LAMP servers but I got the same problem with 7.x-1.x and 7.x-1.0-beta1 on Nginx + PHP-FPM. PHP CGI seems to be the problem.
Can we have a document for that?

provider:

$endpoint = new stdClass();
$endpoint->disabled = FALSE; /* Edit this to true to make a default endpoint disabled initially */
$endpoint->api_version = 3;
$endpoint->name = 'oauthlogin';
$endpoint->server = 'rest_server';
$endpoint->path = 'oauthlogin/api';
$endpoint->authentication = array(
  'services' => 'services',
  'services_oauth' => array(
    'oauth_context' => 'oauthlogin',
    'authorization' => 'user_info',
    'credentials' => 'token',
  ),
);
$endpoint->server_settings = array(
  'formatters' => array(
    'bencode' => TRUE,
    'json' => TRUE,
    'jsonp' => TRUE,
    'php' => TRUE,
    'rss' => TRUE,
    'xml' => TRUE,
  ),
  'parsers' => array(
    'application/json' => TRUE,
    'application/vnd.php.serialized' => TRUE,
    'application/x-www-form-urlencoded' => TRUE,
    'application/xml' => TRUE,
    'multipart/form-data' => TRUE,
    'text/xml' => TRUE,
  ),
);
$endpoint->resources = array(
  'oauthlogin' => array(
    'actions' => array(
      'info' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
    ),
  ),
  'user' => array(
    'operations' => array(
      'retrieve' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'create' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'update' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'delete' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'index' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
    ),
    'actions' => array(
      'login' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'logout' => array(
        'enabled' => '1',
        'settings' => array(
          'services' => array(
            'resource_api_version' => '1.0',
          ),
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'register' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
    ),
  ),
);
$endpoint->debug = 1;

connector:

$provider = new stdClass();
$provider->disabled = FALSE; /* Edit this to true to make a default provider disabled initially */
$provider->name = 'test';
$provider->title = 'test';
$provider->url = 'http://localhost:81/';
$provider->consumer_advanced = array(
  'oauth2' => 0,
  'signature method' => 'HMAC-SHA1',
  'authentication realm' => '',
  'request token endpoint' => '/oauth/request_token',
  'authorization scope' => '',
  'authorization endpoint' => '/oauth/authorize',
  'access token endpoint' => '/oauth/access_token',
);
$provider->mapping = array(
  'fields' => array(
    'uid' => array(
      'resource' => 'http://localhost:81/oauthlogin/api/user/info',
      'method post' => 1,
      'field' => 'uid',
      'querypath' => FALSE,
      'sync_with_field' => '',
    ),
    'name' => array(
      'resource' => 'http://localhost:81/oauthlogin/api/user/info',
      'method post' => 1,
      'field' => 'name',
      'querypath' => FALSE,
      'sync_with_field' => '',
    ),
    'avatar' => array(
      'resource' => '',
      'method post' => 0,
      'field' => '',
      'querypath' => FALSE,
      'sync_with_field' => '',
    ),
  ),
  'format' => 'json',
);

Comment #13

shenzhuxi CreditAttribution: shenzhuxi commented 30 November 2012 at 14:08

Nginx problem seems be be solved and "Authorization finished" was finally displayed after adding "fastcgi_param REDIRECT_URL $request_uri;" following http://drupal.org/node/1424678.

Comment #14

aanjaneyam CreditAttribution: aanjaneyam commented 14 January 2013 at 23:48

I have tried all possible combinations of settings but am still getting the error mentioned by didlix. I am using BOA aegir setup with nginx and php-fpm. I also tried the nginx setting in #13 above. I don't know what am I missing. Is there a particular nginx.conf file in BOA seup that I have to add the settings to. I also downloaded the dev version of oauthconnector. Deleleted and and recreated consumer with new keys.

$endpoint = new stdClass();
$endpoint->disabled = FALSE; /* Edit this to true to make a default endpoint disabled initially */
$endpoint->api_version = 3;
$endpoint->name = 'oauthlogin';
$endpoint->server = 'rest_server';
$endpoint->path = 'oauthlogin/api';
$endpoint->authentication = array(
  'services' => 'services',
  'services_oauth' => array(
    'oauth_context' => 'oauthlogin',
    'authorization' => 'user_info',
    'credentials' => 'token',
  ),
);
$endpoint->server_settings = array(
  'formatters' => array(
    'bencode' => TRUE,
    'json' => TRUE,
    'jsonp' => TRUE,
    'php' => TRUE,
    'rss' => TRUE,
    'xml' => TRUE,
    'yaml' => TRUE,
  ),
  'parsers' => array(
    'application/json' => TRUE,
    'application/vnd.php.serialized' => TRUE,
    'application/x-www-form-urlencoded' => TRUE,
    'application/x-yaml' => TRUE,
    'application/xml' => TRUE,
    'multipart/form-data' => TRUE,
    'text/xml' => TRUE,
  ),
);
$endpoint->resources = array(
  'oauthlogin' => array(
    'actions' => array(
      'info' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
    ),
  ),
  'user' => array(
    'operations' => array(
      'retrieve' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'create' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'update' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'delete' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'index' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
    ),
    'actions' => array(
      'login' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'logout' => array(
        'enabled' => '1',
        'settings' => array(
          'services' => array(
            'resource_api_version' => '1.0',
          ),
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
      'register' => array(
        'enabled' => '1',
        'settings' => array(
          'services_oauth' => array(
            'credentials' => '',
            'authorization' => '',
          ),
        ),
      ),
    ),
  ),
);
$endpoint->debug = 1;

Consumer /client connector config:

$provider = new stdClass();
$provider->disabled = FALSE; /* Edit this to true to make a default provider disabled initially */
$provider->name = 'domain';
$provider->title = 'Domain';
$provider->url = 'http://domain.com';
$provider->consumer_advanced = array(
  'oauth2' => 0,
  'signature method' => 'HMAC-SHA1',
  'authentication realm' => '',
  'request token endpoint' => '/oauth/request_token',
  'authorization scope' => '',
  'authorization endpoint' => '/oauth/authorize',
  'access token endpoint' => '/oauth/access_token',
);
$provider->mapping = array(
  'fields' => array(
    'uid' => array(
      'resource' => 'http://domain.com/oauthlogin/api/user/info',
      'method post' => 1,
      'field' => 'uid',
      'querypath' => FALSE,
      'sync_with_field' => '',
    ),
    'name' => array(
      'resource' => 'http://domain.com/oauthlogin/api/user/info',
      'method post' => 1,
      'field' => 'name',
      'querypath' => FALSE,
      'sync_with_field' => '',
    ),
    'avatar' => array(
      'resource' => 'http://domain.com/oauthlogin/api/user/info',
      'method post' => 0,
      'field' => 'picture',
      'querypath' => FALSE,
      'sync_with_field' => '',
    ),
  ),
  'format' => 'json',
);

Comment #15

aanjaneyam CreditAttribution: aanjaneyam commented 16 January 2013 at 23:50

This does not work on nginx despite trying all settings. I also installed the oauth php extension. I have not tested it in apache. At the moment setting this up seems to be beyond my competence. A clear documentation on how to set it up both on nginx and apache is needed.

Comment #16

cloudbull CreditAttribution: cloudbull commented 14 March 2013 at 08:31

Same situation here

[Thu Mar 14 01:30:31 2013] [error] [client 192.168.248.1] PHP Fatal error: Uncaught exception 'OAuthException' with message 'Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)' in /var/www/oauthclient.php:17\nStack trace:\n#0 /var/www/oauthclient.php(17): OAuth->getRequestToken('http://sso.druc...')\n#1 {main}\n thrown in /var/www/oauthclient.php on line 17

I added #13 with no luck

Comment #17

stonevo CreditAttribution: stonevo commented 5 September 2013 at 04:12

I had the same problem. Do you figure out this problem?

Comment #18

dxx CreditAttribution: dxx commented 19 November 2014 at 13:00

Issue summary:

View changes

Hi,

I have the same problem.

Reproduce (in my case):
Login you with Google+, you redirected into account create form, do not fill the form and return to the login page and click again on the Google+ button.

Apache 2.2.22-13+deb7u3
Debian 7.2 x86_64 GNU/Linux
PHP 5.4 FastCGI