HTTP_OAuth?

Discussion in 'Shapeways API' started by roseEq, Jul 28, 2013.

  1. roseEq
    roseEq Member
    Hi,

    Is it possible to use HTTP_OAuth with the api? I have a server that can't instal oath extension and have been trying the pear version instead. It seems to be fine with all the GET calls (materials etc) but POST always returns and invalid signature. I am guessing it has to do with the encoding of the json string and how parameters are passed...


    try {
    $oauth = new HTTP_OAuth_Consumer($consumer_key, $consumer_secret,$access_token,$access_secret);
    } catch (OAuthException2 $e){
    var_dump($e);
    }


    try {
    $filename = "cube-1cm3-centered_in_meter.stl";
    $file = file_get_contents($filename);
    $data = array('fileName' => $filename,
    'file' => rawurlencode(base64_encode($file)),
    'hasRightsToModel' => 1,
    'acceptTermsAndConditions' => 1,
    );
    $data_string = array(json_encode($data));
    $response = $oauth->sendRequest("http://api.shapeways.com/model/v1", $data_string);
    var_dump($response->getBody());

    } catch (OAuthException2 $e){
    var_dump($e);
    }
     
  2. Hi,

    I'm not familiar with that oauth library, but you should be able to use any library that fully supports oauth1. Is there a way for HTTP_Oauth to define the method you're using? I don't see that in the code sample you posted and the generated signature is affected by whether your request is a POST or a GET.

    -Beekey
     
  3. Also, why are you unable to install the oauth extension on your server?
     
  4. mattermaster
    mattermaster Member
    I'm also running into the signature invalid error ONLY when making POST requests. I'm using a popular python OAuth library called rauth.
     
  5. roseEq
    roseEq Member
    Hi,

    By default the library's sendRequest function uses POST but I also tried passing in the POST specifcally with the same result:

    $response = $oauth->sendRequest("http://api.shapeways.com/model/v1", $data_string, 'POST');

    As I said the library does work with GET requests because I was able to retrieve the token and pin etc using it but not sending a post request. I discovered that if I pass in the $data_string without the json encoding it says:
    Field <file> is required, but missing.\nField <fileName> is required, but missing.

    With json encoding it returns a signature error... It cannot figure out how to properly create a paramater for the function that works.

    I was not able to install the oauth extension because I have a shared server and can't access it as root/admin.

    thanks
     
  6. Can you provide a link to the documentation for the library you're using? It seems like it may not be generating the signature correctly on a POST request.

    -Beekey
     
  7. roseEq
    roseEq Member
  8. aaal
    aaal Member
    Hi roseEQ,

    Not sure if you're still having this problem, but I ran into a similar problem and just wanted to share my findings. I'm using the Python oauth2 library. I got the same "field is missing" errors when performing a POST request and json encoding the parameters. I got around the problem by setting this header:

    Content-Type: application/json

    After that, I got a response that details the spec for the API endpoint, but not the actual data I was requesting (I was hitting /price/v1). I haven't been able to get past this, but hopefully this helps you a little bit.
     
  9. roseEQ,

    I haven't been able to find much on the problem with the pear version of oauth other than this old bug: http://pear.php.net/bugs/bug.php?id=16782 which looks like it caused GET requests to fail. Can you check the version of that oauth library that's being used?

    Can you talk to your server's admin on getting the pecl oauth client installed? Some initial searching on Google shows a few other people who have had problems with the pear version and fixed them by switching.

    aaal,

    The Shapeways API runs on Oauth, not Oauth2. You need to use a library that supports Oauth. For python, I've found requests_oauthlib to be reliable.

    Thanks,
    Beekey
     
  10. aaal
    aaal Member
    Hi Beekey, OAuth2 is just the library name but it does support oauth version 1.0. However, I tried requests-oauthlib per your suggestion and I got that to work. Thanks!
     
  11. archipelis
    archipelis Member
    Hi all,

    I confirm the problem:

    I got this result:

    string(425) "{"result":"failure","reason":"Authentication Error","oauth_error_message":" oauth_problem=signature_invalid&debug_sbs=POST&http% 3A%2F%2Fapi.shapeways.com%2Fmodel%2Fv1&oauth_consumer_ke y%blabla%26oauth_nonce%blabla%26oauth_signature_method%3DHMA C-SHA1%26oauth_timestamp%3Dblabla3%26oauth_token%3Dblabla%26 oauth_version%3D1.0 "}"


    I also confirm that HTTP_OAuth is implementing OAuth 1.0
    Is there another solution?

    Thanks
    Seb


     
  12. mattermaster
    mattermaster Member
    For those of you still trying to figure out this problem and who are using python, I managed to get it to work using the Requests-OauthLib library. I can go through the whole verification "handshake" and make POST and GET requests without any issues. Hope that helps!
     
    Last edited: Feb 4, 2014
  13. kirakira3D
    kirakira3D Member
    Hi everyone,

    I realize three years have passed, but is there any solution for Node.js? I'm hitting the same issue - can do GET no problem, but upon a POST keep getting "oauth_problem=signature_invalid".
    I'm using the node-shapeways express.js example.

    Thanks!
     
  14. kirakira3D
    kirakira3D Member
    Never mind, found a solution in one of the node-shapeways repo's pull requests - link.