0

I am getting 401 Unauthorized error when i use Http GET call with OAuthConsumer client.

I have all the required parameters for Oauth 1.0 authorization.

Consumer Key = "XXX"
Consumer Secret = "YYY"
oauth_signature_method = "HMAC-SHA1"
oauth_timestamp = "calculated timestamp"
oauth_nonce = "calculated nonce"
oauth_version = 1.0
oauth_signature = "calculated signature"

The same Ouath 1.0 code in python is working well for me just by using consumer key, secret and signature_type='auth_header' and by calling requests.get(). Here's my python code below : 

import requests
from requests_oauthlib import OAuth1

url = "XXX"
header_auth = OAuth1('consumer_key','consumer_secret', signature_type='auth_header')
response = requests.get(url, auth=header_auth)
print(response.status_code)
print(response.content)

Here is my code snippet in Java. Could you please suggest where I am going wrong?

public class OauthConsumerClient {

@SuppressWarnings("deprecation")
public static void main(String[] args) {

        String url = "XXX";

        DefaultHttpClient httpClient = new DefaultHttpClient();
        httpClient.getParams().setParameter("http.protocol.content-charset", "UTF-8");      
        HttpRequestBase httpRequest = null;
        URI uri = null;
        HttpResponse httpResponse = null;
        OAuthConsumer oAuthConsumer = new CommonsHttpOAuthConsumer("consumer_key", "consumer_secret");
        oAuthConsumer.setSigningStrategy(new AuthorizationHeaderSigningStrategy());

        try {
            uri = new URI(url);
            httpRequest = new HttpGet(uri);
            httpRequest.setHeader("Content-Type", "application/json");
            oAuthConsumer.sign(httpRequest);
            HttpHost target = new HttpHost(uri.getHost(), -1, uri.getScheme());
            httpResponse = httpClient.execute(target, httpRequest);
            System.out.println("Connection status : " + httpResponse.getStatusLine());
            System.out.println("Connection status code : " + httpResponse.getStatusLine().getStatusCode());

        } catch (Exception e) {
            System.out.println("Exception occured");
        }
        InputStream inputStraem = httpResponse.getEntity().getContent();
        StringWriter writer = new StringWriter();
        IOUtils.copy(inputStraem, writer, "UTF-8");
        String output = writer.toString();
        System.out.println("Connection response : " + output);
}

}

Output 
-------------------------------------------------------------------------

16:13:43.064 [main] DEBUG o.a.h.impl.client.DefaultHttpClient - Authentication required
16:13:43.064 [main] DEBUG o.a.h.impl.client.DefaultHttpClient - "URL" requested authentication
16:13:43.064 [main] DEBUG o.a.h.i.c.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic]
16:13:43.064 [main] DEBUG o.a.h.i.c.TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
16:13:43.064 [main] DEBUG o.a.h.i.c.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
16:13:43.064 [main] DEBUG o.a.h.i.c.TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
16:13:43.064 [main] DEBUG o.a.h.i.c.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
16:13:43.064 [main] DEBUG o.a.h.i.c.TargetAuthenticationStrategy - Challenge for Basic authentication scheme not available
Connection status : HTTP/1.1 401 Unauthorized
Connection status code : 401
16:13:43.076 [main] DEBUG org.apache.http.wire -  << "  ["The request must be signed"]"
16:13:43.076 [main] DEBUG o.a.h.i.c.BasicClientConnectionManager - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl@78691363
16:13:43.076 [main] DEBUG o.a.h.i.c.BasicClientConnectionManager - Connection can be kept alive indefinitely
Connection response :   ["The request must be signed"]

NOTE : When i hit the same URL in postman with Oauth 1.0 authorization type. I am getting response code 200 OK with the body.

Let me know if you need additional information. Thank you so much for your help !!!

Manudatta G
  • 1
  • 5
  • Not enough information to answer correctly, but seems that you are not getting the authentication header as you should. You first need to hit the oAuth URL, get you header then include it in the actual request. OAuth is different than Basic authentication, you need to authenticate prior to the request and carry the authentication token as long as it is valid. Quick video explaining the basics: https://www.youtube.com/watch?v=CPbvxxslDTU – lauksas Nov 12 '18 at 12:51
  • I have edited my question with some more information. Please let me know if you need more info. – Manudatta G Nov 13 '18 at 07:03
  • You are omitting imports, OAuthConsumer which seems to be an interface, doesn't tell me much. Maybe you are using RESTEasy? What does CommonsHttpOAuthConsumer class do? there is no clear javadoc in my googling... It's hard to help you not knowing your class, if you paste everything omitting just sensitive information maybe I could... – lauksas Nov 14 '18 at 12:06
  • FYI.. I am using Oauth library for java called signpost. import oauth.signpost.OAuthConsumer; import oauth.signpost.commonshttp.CommonsHttpOAuthConsumer; --> This is used for signing HTTP requests from signpost library. – Manudatta G Nov 16 '18 at 10:14

0 Answers0