Kapil D
Kapil D

Reputation: 2660

Chrome extension OATH 401 error(Unauthorized)

I am using JS to access the rdio plugin. I am using the following for Oauth http://code.google.com/chrome/extensions/tut_oauth.html. I am able to get the signed token etc. However, when ever I try to send a signedRequest at http://api.rdio.com/1/, I receive 401, un-authorized error.

X-Mashery-Error-Code:ERR_401_INVALID_SIGNATURE X-Mashery-Responder:mashery-web4.LAX

This is what I am trying to send:

 var url = 'http://api.rdio.com/1/';
 var request = {
   'method': 'POST',
   'headers': {
     'Content-Type': 'application/x-www-form-urlencoded'
   },    
   'parameters': {
     'alt': 'json',
     'method':'currentUser'
   },
   'body': 'Data to send'
 };

 bgPage.oauth.sendSignedRequest(url, mycallback, request);  

I receive the following error in console.

Request URL:http://api.rdio.com/1/?alt=json&method=currentUser&oauth_consumer_key=yv8ehzehdv55**********&oauth_nonce=******&oauth_signature=**********&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1305190893&oauth_token=us6myp99p4qc86umea9p8fp*****************
Request Method:POST
Status Code:401 Unauthorized
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:12
Content-Type:application/x-www-form-urlencoded
Cookie:__qca=P0-158278476-1296771701175; r=eyJfdSI6IDE5MjY1LCAiX2UiOiAzMTU1NjkyNn0.SvN8xd7rIuLzTp7hxqi4eJEdvu8; __utmz=225830489.1305153361.198.18.utmcsr=rdioquiz.ianloic.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=225830489.281668250.1296676147.1305184513.1305187119.201; __utmc=225830489
Host:api.rdio.com
Origin:chrome-extension://oiojbkkpmcgmpnjkhjmaggajckamjkap
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Query String Parameters
alt:json
method:currentUser
oauth_consumer_key:yv8ehzehdv55pbb74ss9dt23
oauth_nonce:BQF0x
oauth_signature:KttF************tRO 8PL yjPF2Ktk=
oauth_signature_method:HMAC-SHA1
oauth_timestamp:1305190893
oauth_token:us6myp99p4qc86umea9p8fphbgq4dxdd76txvyn***********
Form Data
Data to send:
Response Headers
Accept-Ranges:bytes
Content-Length:30
Content-Type:text/xml
Date:Thu, 12 May 2011 09:01:33 GMT
Server:Mashery Proxy
X-Mashery-Error-Code:ERR_401_INVALID_SIGNATURE
X-Mashery-Responder:mashery-web4.LAX    

*I am just trying to mimic what's mentioned here. Its an Oauth library(http://code.google.com/chrome/extensions/tut_oauth.html) from Google to make Chrome extension development easy. They have an Oauth sample code to get your document list etc. http://code.google.com/chrome/extensions/samples.html#4e35caa9742fb82dbd628892d23a781614f6eff6 I think I am not able to get past send a POST requestto the rdio API. It gives an un-authorized error.*

Upvotes: 1

Views: 1938

Answers (2)

okredo
okredo

Reputation: 61

We found a similar issue with the same service (rdio) and method ("currentUser").

What ended up working was: (1) make sure you have method=currentUser in the POST body; I'm not sure from the above curl output if that is the case.

And, this is the bit that actually fixed the issue: (2) we had to also add the method name to the signature itself.

FYI we used this library: https://oauth.googlecode.com/svn/code/javascript/

But the tricky part, as you are seeing, was figuring out how to seed the method in that library that creates the signature. Without the 'method=currentUser' being part of the signature, we experienced the same error condition.

Upvotes: 2

Paddy
Paddy

Reputation: 2873

Check your timezone, date, and time on your computer. If any one of these is wrong, OAuth will fail.

Upvotes: 1

Related Questions