2009-01-06 20:42:45 |
Max Berger |
bug |
|
|
added bug |
2009-01-08 00:28:59 |
Diogo Matsubara |
launchpad: status |
New |
Incomplete |
|
2009-01-08 00:28:59 |
Diogo Matsubara |
launchpad: statusexplanation |
|
How did you send the request? |
|
2009-01-11 20:54:02 |
dikmoet |
displayname |
Bug #314507 |
Bug #314507 (dreko) |
|
2009-01-11 20:54:02 |
dikmoet |
name |
|
dreko |
|
2009-01-12 17:12:31 |
Francis J. Lacoste |
launchpad: status |
Incomplete |
Won't Fix |
|
2009-01-12 17:12:31 |
Francis J. Lacoste |
launchpad: bugtargetdisplayname |
Launchpad itself |
Launchpad Foundations |
|
2009-01-12 17:12:31 |
Francis J. Lacoste |
launchpad: bugtargetname |
launchpad |
launchpad-foundations |
|
2009-01-12 17:12:31 |
Francis J. Lacoste |
launchpad: statusexplanation |
How did you send the request? |
realm is required by the OAuth spec. We ignore it because checking for the token presence in our database is enough. |
|
2009-01-12 17:12:31 |
Francis J. Lacoste |
launchpad: title |
Bug #314507 in Launchpad itself: "API: Authorization header ignores first key" |
Bug #314507 in Launchpad Foundations: "API: Authorization header ignores first key" |
|
2009-01-27 09:31:03 |
Christian Reis |
launchpad-foundations: status |
Won't Fix |
Incomplete |
|
2009-01-27 09:31:03 |
Christian Reis |
launchpad-foundations: statusexplanation |
realm is required by the OAuth spec. We ignore it because checking for the token presence in our database is enough. |
Hmmm. Max, can you confirm this with a different library, just to verify it's really a problem on our end? |
|
2009-01-27 10:43:35 |
Christian Reis |
launchpad-foundations: status |
Incomplete |
Triaged |
|
2009-01-27 10:43:35 |
Christian Reis |
launchpad-foundations: statusexplanation |
Hmmm. Max, can you confirm this with a different library, just to verify it's really a problem on our end? |
Sure looks like a bug to me. Francis? |
|
2009-10-14 21:07:02 |
Francis J. Lacoste |
launchpad-foundations: importance |
Undecided |
Low |
|
2010-12-20 01:48:35 |
Robert Collins |
summary |
API: Authorization header ignores first key |
OAUTH server ignores first element in header (rather than realm key) |
|
2010-12-20 01:51:14 |
Robert Collins |
description |
Just played around with the API, as explained at [1] and sent a request with the following Authorization header (with a real token, and more info) to [2]
OAuth oauth_token="mytoken", oauth_signature_method="PLAINTEXT", oauth_consumer_key="just%20testing" ...
and always got back:
Unknown token (None).
After looking into the examples (which add a "realm") it suddenly worked - if the realm is added as the first element. Some more debugging showed that I can add whatever key I like as the first key, and it will work. So it seems as if the first element after OAuth in the Authorization header is always ignored.
[1] https://help.launchpad.net/API
[2] https://api.launchpad.net/beta/ |
Workaround:
Use an oauth library that allows placing 'realm' or some other ignorable field as the first element in Authorization:
Impact:
Authenticated 3rd party API clients are hard to write because Launchpad's server side is not HTTP conformant.
Symptoms:
Please note that in the first example the consumer is "None", whereas when a dummy key is added, the consumer is successfully recognized.
Max
openssl s_client -connect api.launchpad.net:443
[...]
GET /beta/ HTTP/1.1
Host: api.launchpad.net
Authorization: OAuth oauth_consumer_key="just+testing"
HTTP/1.1 401 Unauthorized
Date: Tue, 27 Jan 2009 09:49:08 GMT
Server: zope.server.http (HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
X-Lazr-Oopsid: OOPS-1123H722
Content-Type: text/plain
Content-Length: 24
Via: 1.1 wildcard.launchpad.net
Unknown consumer (None).
DONE
---
openssl s_client -connect api.launchpad.net:443
[...]
GET /beta/ HTTP/1.1
Host: api.launchpad.net
Authorization: OAuth dummy="bla", oauth_consumer_key="just+testing"
HTTP/1.1 401 Unauthorized
Date: Tue, 27 Jan 2009 09:50:25 GMT
Server: zope.server.http (HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
X-Lazr-Oopsid: OOPS-1123C781
Content-Type: text/plain
Content-Length: 32
Via: 1.1 wildcard.launchpad.net
Unknown consumer (just+testing).
DONE |
|
2010-12-20 01:51:20 |
Robert Collins |
launchpad: importance |
Low |
High |
|
2010-12-20 02:10:38 |
Martin Pool |
launchpad: importance |
High |
Low |
|
2010-12-20 02:10:38 |
Martin Pool |
launchpad: status |
Triaged |
In Progress |
|
2010-12-20 02:10:38 |
Martin Pool |
launchpad: assignee |
|
Martin Pool (mbp) |
|
2010-12-20 02:18:21 |
Martin Pool |
launchpad: importance |
Low |
High |
|
2010-12-20 03:43:06 |
Martin Pool |
branch linked |
|
lp:~mbp/launchpad/314507-oauth |
|
2010-12-20 14:28:04 |
Blaine Simpson |
bug |
|
|
added subscriber Blaine Simpson |
2010-12-21 21:17:39 |
Launchpad QA Bot |
tags |
api lp-foundations |
api lp-foundations qa-needstesting |
|
2010-12-21 21:17:42 |
Launchpad QA Bot |
launchpad: status |
In Progress |
Fix Committed |
|
2010-12-21 23:41:38 |
William Grant |
tags |
api lp-foundations qa-needstesting |
api lp-foundations qa-ok |
|
2010-12-23 03:01:15 |
Curtis Hovey |
launchpad: status |
Fix Committed |
Fix Released |
|
2011-01-03 23:56:54 |
Martin Pool |
bug task added |
|
python-oauth (Ubuntu) |
|
2011-01-04 00:02:33 |
Martin Pool |
python-oauth (Ubuntu): status |
New |
Invalid |
|
2011-01-11 16:39:47 |
Curtis Hovey |
launchpad: milestone |
|
11.01 |
|
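The symptom in the bug description above, where the first item after OAuth is dropped whatever its name, is what a reader that skips realm by position would produce. The following is an added example, not Launchpad's code and not the fix in the linked branch: params_positional is a hypothetical reconstruction of that behaviour, params_by_name discards realm by name instead, and the realm value in the third header is constructed.

```python
import re
from urllib.parse import unquote

# One name="value" item, followed by a comma or the end of the header.
_ITEM = re.compile(r'\s*([\w.~-]+)="([^"]*)"\s*(?:,|$)')

# First two headers are the ones sent in the bug report; the third is constructed.
NO_REALM = 'OAuth oauth_consumer_key="just+testing"'
DUMMY_FIRST = 'OAuth dummy="bla", oauth_consumer_key="just+testing"'
REALM_LAST = 'OAuth oauth_consumer_key="just+testing", realm="https://api.example.invalid/"'


def split_params(header):
    """Return the ordered (name, value) pairs that follow the OAuth scheme."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "oauth":
        raise ValueError("not an OAuth Authorization header")
    pairs, pos = [], 0
    while pos < len(rest):
        item = _ITEM.match(rest, pos)
        if item is None:
            raise ValueError("malformed parameter at offset %d" % pos)
        pairs.append((item.group(1), unquote(item.group(2))))
        pos = item.end()
    return pairs


def params_positional(header):
    """Hypothetical fragile reader: treats item 0 as realm and discards it."""
    return dict(split_params(header)[1:])


def params_by_name(header):
    """Discard realm by name, wherever it sits; refuse ambiguous duplicates."""
    params = {}
    for name, value in split_params(header):
        if name.lower() == "realm":
            continue
        if name in params:
            raise ValueError("duplicate parameter: " + name)
        params[name] = value
    return params


if __name__ == "__main__":
    for header in (NO_REALM, DUMMY_FIRST, REALM_LAST):
        print(params_positional(header).get("oauth_consumer_key"),
              params_by_name(header).get("oauth_consumer_key"))
```

With the positional reader the consumer key is only seen when some other item precedes it, which matches the two 401 responses quoted in the description.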