500 Error on OAuth Token Request
I'm getting a 500 error on OAuth token_request when trying to authorize a new app to my account.
/Users/shammond/.rvm/rubies/ruby-1.8.7-p357/lib/ruby/1.8/net/http.rb:2105:in `error!': 500 "Internal Server Error" (Net::HTTPFatalError)
from /Users/shammond/.rvm/gems/ruby-1.8.7-p357/gems/oauth-0.4.6/lib/oauth/consumer.rb:218:in `token_request'
from /Users/shammond/.rvm/gems/ruby-1.8.7-p357/gems/oauth-0.4.6/lib/oauth/consumer.rb:136:in `get_request_token'
There also seems to be an issue with api access being allowed after authorization has been revoked, but I can't test further because I can't reauthorize the app.
Steve
Comments are currently closed for this discussion. You can start a new one.
2 Posted by shammond42 on 02 Jun, 2012 07:13 PM
I am definitely able to add a wiki page after an app's access has been revoked.
Support Staff 3 Posted by Micah on 02 Jun, 2012 09:01 PM
Hmm, well both of those are very troubling. Let me take a look.
Support Staff 4 Posted by Micah on 03 Jun, 2012 02:02 PM
We're going to delay the Rails 3 launch a little until we can better figure out what's going on with the API.
Thanks for your help on this.
5 Posted by shammond42 on 03 Jun, 2012 03:52 PM
If there is anything I can do to help let me know.
Support Staff 6 Posted by Micah on 03 Jun, 2012 04:27 PM
It's very frustrating. I can work with the API normally in development, but I get a 401 Unauthorized error when requesting tokens from the staging server.
The worst part is not knowing if it's a problem with my client or with the provider. All our API specs pass, including those related to the request token workflow. But none of that matters as long as the actual API won't respond....
Ugh, it's going to be a long day.
7 Posted by shammond42 on 03 Jun, 2012 05:38 PM
Micah,
Steve
Support Staff 8 Posted by Micah on 03 Jun, 2012 06:10 PM
Yeah, I'm thinking it's with the provider as well. I've narrowed it down to the signature verification in the OAuth Rack middleware. My gut feeling is that it has something to do with the body_hash. I've had problems with that in the past, but I can't remember exact what or why.
Support Staff 9 Posted by Micah on 03 Jun, 2012 07:12 PM
Well, I've discovered that bypassing SSL seems to work. If I set the provider to allow for non-SSL connection to request_token and then point my client at the non-SSL URL, everything works.
So, somewhere along the line, the SSL process is mucking things up enough to cause a signature mismatch.
We obviously don't want to turn off SSL for the token request process (not to mention that would break all existing clients, anyway). But at least now I've narrowed down my focus.
10 Posted by shammond42 on 03 Jun, 2012 07:15 PM
Are you sure you have the very latest oauth gem? That sounds very similar to the bug I fixed and submitted to them. I saw that they finally merged it in, but that was fairly recently.
If you've got the latest gem, ping me on skype and I can explain exactly what I found maybe that will help you find this one.
Steve
Support Staff 11 Posted by Micah on 04 Jun, 2012 12:26 AM
Looks like this is fixed!
Thanks again for your help.
Micah closed this discussion on 04 Jun, 2012 12:26 AM.