CODEWITHSUNDEEP
javamagentooauth
Danny Gloudemans
Danny Gloudemans

Reputation: 2677

Magento Rest Oauth API (Signature Invalid) 401

I get a Signature invalid problem when I try to get data from Magento in Java. What is wrong with my code:

public class MagentoFacade {

final String MAGENTO_API_KEY = "apikey";
final String MAGENTO_API_SECRET = "apisecret";
final String MAGENTO_REST_API_URL = "urlmagento/api/rest";

public void testMethod() {

    OAuthService service = new ServiceBuilder()
    .provider(MagentoThreeLeggedOAuth.class)
    .apiKey(MAGENTO_API_KEY)
    .apiSecret(MAGENTO_API_SECRET)
    .debug()
    .build();




    System.out.println("" + service.getVersion());

    // start
            Scanner in = new Scanner(System.in);
            System.out.println("Magento's OAuth Workflow");
            System.out.println();
            // Obtain the Request Token
            System.out.println("Fetching the Request Token...");
            Token requestToken = service.getRequestToken();
            System.out.println("Got the Request Token!");
            System.out.println();

             // Obtain the Authorization URL
            System.out.println("Fetching the Authorization URL...");
            String authorizationUrl = service.getAuthorizationUrl(requestToken);
            System.out.println("Got the Authorization URL!");
            System.out.println("Now go and authorize Main here:");
            System.out.println(authorizationUrl);
            System.out.println("And paste the authorization code here");
            System.out.print(">>");
            Verifier verifier = new Verifier(in.nextLine());
            System.out.println();

            System.out.println("Trading the Request Token for an Access Token...");
            Token accessToken = service.getAccessToken(requestToken, verifier);
            System.out.println("Got the Access Token!");
            System.out.println("(if your curious it looks like this: "
                    + accessToken + " )");
            System.out.println();

             OAuthRequest request = new OAuthRequest(Verb.GET, MAGENTO_REST_API_URL+ "/products?limit=2");
                service.signRequest(accessToken, request);
                Response response = request.send();
                System.out.println();
                System.out.println(response.getCode());
                System.out.println(response.getBody());
                        System.out.println();
}


public static void main(String[] args) {
    MagentoFacade mf = new MagentoFacade();
    mf.testMethod();
}

}

public final class MagentoThreeLeggedOAuth extends DefaultApi10a {
private static final String BASE_URL = "urltoMagento/";

@Override
public String getRequestTokenEndpoint() {
    return BASE_URL + "oauth/initiate";
}

@Override
public String getAccessTokenEndpoint() {
    return BASE_URL + "oauth/token";
}

@Override
public String getAuthorizationUrl(Token requestToken) {
    return BASE_URL + "richard/oauth_authorize?oauth_token="
            + requestToken.getToken(); //this implementation is for admin roles only...
}

}

signature is: NnRaB73FqCcFAAVB4evZtGkWE3k= appended additional OAuth parameters: { oauth_callback -> oob , oauth_signature -> NnRaB73FqCcFAAVB4evZtGkWE3k= , oauth_version -> 1.0 , oauth_nonce -> 753236685 , oauth_signature_method -> HMAC-SHA1 , oauth_consumer_key -> ptrij1xt8tjisjb6kmdqed2v4rpla8av , oauth_timestamp -> 1359710704 } using Http Header signature sending request... response status code: 401 response body: oauth_problem=signature_invalid&debug_sbs=MCe/RB8/GNuqV0qku00ubepc/Sc= Exception in thread "main" org.scribe.exceptions.OAuthException: Response body is incorrect. Can't extract token and secret from this: 'oauth_problem=signature_invalid&debug_sbs=MCe/RB8/GNuqV0qku00ubepc/Sc=' at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:41) at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:27) at org.scribe.oauth.OAuth10aServiceImpl.getRequestToken(OAuth10aServiceImpl.java:52) at magento.MagentoFacade.testMethod(MagentoFacade.java:39) at magento.MagentoFacade.main(MagentoFacade.java:73)

Upvotes: 1

Views: 5048

Answers (2)

Joshua Lawrence Austill
Joshua Lawrence Austill

Reputation: 757

I'd just like to add that in Postman I simply added another urlparameter of getHttpHost with the value of false and that worked as well. I fought with this for an entire day. I hope this saves someone else time.

Upvotes: 2

Bouni
Bouni

Reputation: 635

I might have an answer for you, but it may not work in your case. I struggled hard to find out why I got signature invalid on my local machine.

Turns out that when calculating the signature in Mage_Oauth_Model_Server::_validateSignature(), Magento builds the request URI part with the URL port path trimmed : $this->_request->getHttpHost()

In my case, the local webserver runs on port 81, thus my signature and the Magento one could not match. By passing the false parameter to the getHttpHost method you can keep prevent port trim.

I know this is very specific, but I lost all my hair figuring out why so I needed to share it. And who knows, maybe this could help.

Cheers Bouni

Upvotes: 6

Related Questions