Zoltan Altfatter

Reputation: 980

Two-legged authorization with Apache HTTP Server

I have an API (running in a Jetty instance) where I use the two-legged OAuth protocol to give access to the clients. I wrote a simple Java client (using oauth-signpost) to connect to the API and the connection is successful.

I would like to put the API behind an Apache HTTP Server. The Apache HTTP Server is configured to forward requests to the API.

The following works:

(without oauth) Client ---> Apache HTTP Server --> Jetty

(with oauth) Client ---> Jetty

The following doesn't work:

(with oauth) Client ---> Apache HTTP Server ---> Jetty

I receive the following error message:

"Invalid signature for signature method HMAC-SHA1"

Has any of you faced this issue? Is it possible to sign the request but without the hostname and port?

Thank you.

Upvotes: 0

Views: 528

Answers (1)

Mark S.

Reputation: 4017

I had a similar problem. The problem I found was that the OAuth signature and the OAuth header block need to have the Jetty URL, not the Apache URL.

I had to modify my code to pass along two URLs: the URL I was sending the request to (Apache) and the URL of the resource on the final system (Jetty URL).

Upvotes: 0
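An added example, not part of the original question or answer: the OAuth 1.0 HMAC-SHA1 signature base string (RFC 5849) includes the scheme, host and port of the request URL, so a signature computed over the Apache URL fails when Jetty rebuilds the base string from the URL it sees. The URLs, key, secret and parameter values below are constructed for illustration, and the sketch assumes URLs without query strings.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit

# Constructed sample values (assumptions, not from the original post).
APACHE_URL = "http://api.example.com/api/items"        # public URL the client calls
JETTY_URL = "http://backend.internal:8080/api/items"   # URL Jetty sees after proxying
CONSUMER_SECRET = "constructed-secret"
PARAMS = {
    "oauth_consumer_key": "constructed-key",
    "oauth_nonce": "4572616e48616d6d",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1300000000",
    "oauth_version": "1.0",
}

def enc(value):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped.
    return quote(value, safe="-._~")

def base_string_uri(url):
    # RFC 5849 section 3.4.1.2: lowercase scheme/host, drop default port and query.
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), parts.hostname.lower()
    default_port = {"http": 80, "https": 443}[scheme]
    netloc = host if parts.port in (None, default_port) else f"{host}:{parts.port}"
    return f"{scheme}://{netloc}{parts.path or '/'}"

def sign(method, url, params, consumer_secret):
    # Two-legged OAuth: no token, so the token-secret half of the key is empty.
    normalized = "&".join(f"{k}={v}" for k, v in sorted((enc(k), enc(v)) for k, v in params.items()))
    base = "&".join([method.upper(), enc(base_string_uri(url)), enc(normalized)])
    key = f"{enc(consumer_secret)}&".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def server_verify(method, url_seen_by_server, params, signature, consumer_secret):
    # The server rebuilds the base string from the URL *it* received the request on.
    expected = sign(method, url_seen_by_server, params, consumer_secret)
    return hmac.compare_digest(expected, signature)

if __name__ == "__main__":
    signed_for_apache = sign("GET", APACHE_URL, PARAMS, CONSUMER_SECRET)
    signed_for_jetty = sign("GET", JETTY_URL, PARAMS, CONSUMER_SECRET)
    # Request goes through Apache in both cases; Jetty verifies against JETTY_URL.
    print("signed with Apache URL:", server_verify("GET", JETTY_URL, PARAMS, signed_for_apache, CONSUMER_SECRET))
    print("signed with Jetty URL: ", server_verify("GET", JETTY_URL, PARAMS, signed_for_jetty, CONSUMER_SECRET))
```

The first check fails and the second passes, which matches the answer's approach of signing with the Jetty URL while sending the request to Apache.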
