Method to 'tell Ubuntu One about the newly created SSO token' incorrectly states the email address must be URL encoded. It won't work unless the email address is /not/ URL encoded.

Bug #977787 reported by Chris C Moore
This bug affects 1 person
Affects: Ubuntu One Developer Website
Status: Fix Released
Importance: Undecided
Assigned to: James Henstridge

Bug Description

I've spent many, many hours trying to get an application to 'tell Ubuntu One about the newly created SSO token' using the method described on the developer API:

GET https://one.ubuntu.com/oauth/sso-finished-so-get-tokens/<email address>
    Tell Ubuntu One about the newly created SSO token. Email address must be URL-encoded (so first.last%40example.com). This request must be OAuth-signed with the token itself.

Nothing appeared to be working until I spotted that this script doesn't actually URL encode the email address at all: http://people.canonical.com/~roman.yepishev/us/ubuntuone-sso-login.py

Changing my code to skip the URL encoding bit works as expected.

Tags: oauth sign sso
Emanuele Quinto (emanuele-quinto) wrote :

In a javascript application I had to remove the encoding:

This doesn't work:

<code>
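// oAuthRequest is the poster's own OAuth signing helper (not shown here).
function registerToken(secrets, user) {
  // The email address is percent-encoded before the URL is signed and sent.
  var url = "https://one.ubuntu.com/oauth/sso-finished-so-get-tokens/" + encodeURIComponent(user);
  var reg = oAuthRequest(url, secrets);

  return reg;
}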
</code>

This works:

<code>
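// oAuthRequest is the poster's own OAuth signing helper (not shown here).
function registerToken(secrets, user) {
  // The email address is appended as-is, with no percent-encoding.
  var url = "https://one.ubuntu.com/oauth/sso-finished-so-get-tokens/" + user;
  var reg = oAuthRequest(url, secrets);

  return reg;
}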
</code>

James Henstridge (jamesh) wrote :

I am currently working on revising the developer site documentation for the authorisation process. Presumably you were following the documentation here:

https://one.ubuntu.com/developer/account_admin/issue_tokens/cloud

Which fails to mention that the email address is no longer required in that call. The new documentation on this process can be found here:

https://one.ubuntu.com/developer/account_admin/auth/otherplatforms

As for the problems you were having with OAuth signatures, I believe that is probably a bug on our side in checking the signatures. I had filed bug 1013126 about this, which I will see about making public.

Removing the email address from the sso-finished-so-get-tokens call means you won't hit the bug on this specific API call, but you might hit it in other places (e.g. the REST files API when manipulating files with certain characters in their name). Switching from OAuth HMAC-SHA1 signatures to PLAINTEXT should avoid the problem in all cases. The API calls are made over a secure connection, so it should offer adequate security.

Changed in u1devsite:
status: New → In Progress
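
As an added illustration (not code from this bug report or from Ubuntu One), the following Node.js sketch shows one way a percent-encoded path can break HMAC-SHA1 verification while PLAINTEXT is unaffected. The verifier that decodes the path before rebuilding the base string is a hypothetical assumption, since the page does not say what the actual server-side bug was; the keys, secrets, nonce and timestamp are constructed sample values.

```javascript
// Added example: OAuth 1.0 (RFC 5849) signing of the sso-finished-so-get-tokens URL.
const { createHmac } = require("crypto");

// RFC 5849 section 3.6 percent-encoding: everything except unreserved characters.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & enc(base URL) & enc(sorted parameters).
function baseString(method, url, params) {
  const sorted = Object.keys(params).sort()
    .map((k) => pct(k) + "=" + pct(params[k])).join("&");
  return [method.toUpperCase(), pct(url), pct(sorted)].join("&");
}

function signingKey(consumerSecret, tokenSecret) {
  return pct(consumerSecret) + "&" + pct(tokenSecret);
}

function hmacSha1(method, url, params, consumerSecret, tokenSecret) {
  return createHmac("sha1", signingKey(consumerSecret, tokenSecret))
    .update(baseString(method, url, params)).digest("base64");
}

// PLAINTEXT: the signature is just the key; the URL is never an input.
function plaintext(consumerSecret, tokenSecret) {
  return signingKey(consumerSecret, tokenSecret);
}

// Constructed sample values, not real credentials.
const BASE = "https://one.ubuntu.com/oauth/sso-finished-so-get-tokens/";
const params = { oauth_consumer_key: "ck", oauth_token: "tk", oauth_nonce: "n1",
  oauth_timestamp: "1334000000", oauth_signature_method: "HMAC-SHA1", oauth_version: "1.0" };

// Client signs the URL it sends (email percent-encoded in the path).
const clientUrl = BASE + encodeURIComponent("first.last@example.com");
// Hypothetical verifier that decodes the path before rebuilding the base string.
const verifierUrl = decodeURIComponent(clientUrl);

const clientSig = hmacSha1("GET", clientUrl, params, "cs", "ts");
const verifierSig = hmacSha1("GET", verifierUrl, params, "cs", "ts");
const unencodedSig = hmacSha1("GET", BASE + "first.last@example.com", params, "cs", "ts");

console.log("encoded path verifies:  ", clientSig === verifierSig);    // false
console.log("unencoded path verifies:", unencodedSig === verifierSig); // true
console.log("PLAINTEXT signature:    ", plaintext("cs", "ts"));        // cs&ts
```

In the client's base string the `%40` in the path is encoded again to `%2540`, so any verifier that normalizes the path differently computes a different HMAC; PLAINTEXT has no such dependency and relies entirely on the TLS connection for confidentiality of the secrets.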
James Henstridge (jamesh) wrote :

The old documentation has been removed and now redirects to the new auth documentation, which should not suffer from this problem.

Changed in u1devsite:
assignee: nobody → James Henstridge (jamesh)
status: In Progress → Fix Released