I am fully capable of generating LookupItem requests with the Product Advertising API, including building the URL string with parameters and signing the request, but when I tried to take the model I had I modify it for the MWS RequestReport requests, I get this error message:
"Invalid Section name or version provided - onca/2011-01-01"
For some mysterious reason, it keeps adding "onca/" to the beginning of the date when clearly my parameters are:
Map<String, String> params = new HashMap<String, String>();
params.put("Action", "RequestReport");
params.put("Version", "2011-01-01"); //NOT "onca/2011-01-01" (version may be old)
params.put("SellerId", MERCHANT_ID);
params.put("SignatureVersion", "2");
params.put("SignatureMethod", "HmacSHA256");
params.put("ReportType", "_GET_MERCHANT_LISTINGS_DATA_");
//timestamp and signature params are added in the method that signs this request
requestUrl = helper.sign(params);
What am I missing here? The method signs this "canonical query string" does not add it either, as evident in its success at signing LookupItem requests as I mentioned early. Does this have something to do with the way Amazon interprets the signature? But then wouldn't it say the URL/encoding don't match? Any theories? Need any more code or info?
I discovered the solution: With AWS, requests start with ecs.amazonaws.com/onca/xml? and MWS with mws.amazonservices.com? (in US). When I had changed the endpoint to the MWS endpoint I failed to remove the concatenation of "/onca/xml" immediately after, located somewhere in my code. For some reason, Amazon interpreted my "Version" parameter as beginning with "/onca/xml" despite that not being the case in the URL or it being the first parameter in the signature. Oh well.
For anyone modifying an AWS signed request helper, make sure to remove any concatenation of "/onca/xml" after changing endpoint!
Related
I am using the ES high level Java Client to make a delete index request to an AWS-hosted ElasticSearch (now called OpenSearch service). When i try to delete an index by exact name, the request is successful, but when i try to use a wildcard to delete multiple indices with a specific prefix the request fails with a "request signature does not match" exception.
Here is the delete indices code:
DeleteIndexRequest deleteIndexRequest = new DeleteIndexRequest();
deleteIndexRequest.indices("index_prefix_*");
AcknowledgedResponse response = esClient.indices().delete(deleteIndexRequest, RequestOptions.DEFAULT);
Here is the exception that im getting:
o.elasticsearch.client.ResponseException: method [DELETE], host [https://[ESHost]:443], URI [/index_prefix_*?master_timeout=30s&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=true&timeout=30s], status line [HTTP/1.1 403 Forbidden]
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."}
The thing is, i have tried running similar code against a local instance of ElasticSearch and it works fine so there seems to be some issue here with trying to delete multiple indices via wildcard against the AWS-hosted ES. Anyone know how to get this to work?
As part of learning how to integrate OneLogin SSO in my ColdFusion app I pulled this git repo -
https://github.com/GiancarloGomez/ColdFusion-OneLogin and set up locally. But, while sending the auth request to OneLogin we are getting an error message saying "We're sorry, but something went wrong.
We've been notified about this issue and we'll take a look at it shortly."
I could not find the root cause of this issue. Appreciate your timely help on this.
Configuration on OneLogin looks like below. Note that consumer URL I modified to http://127.0.0.1:8500/coldfusion-onelogin/consume.cfm instead of actual format mentioned (http://127.0.0.1:8500/coldfusion-onelogin/consume/) in the YouTube video provided in the readme file of this git repo. I had tried changing the consumer URL format as this http://127.0.0.1:8500/coldfusion-onelogin/consume/ but we are still getting the error message.
Access Tab in OneLogin looks like below,
Below is the code which sends auth request to OneLogin.
<cfscript>
try{
// used to encode string - chose to use Java version just in case CF did not encode correctly
// encodeForURL appears to work but to keep the same as the samples from OneLogin I will use the Java reference
urlEncoder = createObject("java","java.net.URLEncoder");
// the appSettings object contain application specific settings used by the SAML library
appSettings = createObject("java","com.onelogin.AppSettings");
// set the URL of the consume file for this app. The SAML Response will be posted to this URL
appSettings.setAssertionConsumerServiceUrl(request.company.getConsumeUrl());
// set the issuer of the authentication request. This would usually be the URL of the issuing web application
appSettings.setIssuer(request.company.getIssuerUrl());
// the accSettings object contains settings specific to the users account.
accSettings = createObject("java","com.onelogin.AccountSettings");
// The URL at the Identity Provider where to the authentication request should be sent
accSettings.setIdpSsoTargetUrl("https://app.onelogin.com/saml/signon/" & request.company.getIssuerID());
// Generate an AuthRequest and send it to the identity provider
authReq = createObject("java","com.onelogin.saml.AuthRequest").init(appSettings, accSettings);
// now send to one login
location ( accSettings.getIdp_sso_target_url() & "?SAMLRequest=" & authReq.getRidOfCRLF(urlEncoder.encode(authReq.getRequest(authReq.base64),"UTF-8")), false);
}
catch(Any e){
writeDump(e);
}
</cfscript>
Below is the format of auth request URL ,
https://app.onelogin.com/saml/signon/[issuerId]?SAMLRequest=[SamlRequest].
I am not providing the actual URL here since I am not sure whether someone can tamper it or not. But please do let us know if it is really required to solve this issue.
Below is the screenshot of the SAML Login Page , from here I am clicking on the button and send auth request to OneLogin.
Also, In the index.cfm , form action attribute is "/post/". Since it was throwing an error I had to replace it with "/coldfusion-onelogin/post.cfm". Here coldfusion-onelogin is a folder under wwwroot. Any settings in ColdFusion to be modified so that it will not throw any error if we keep the form action attribute as "/post/" ?.
Hmmm. The consumer URL validator is supposed to be a regex expression, and I'm not sure how it's going to handle a literal HTTP value (since it'll try to evaluate it as regex)
So try changing URL validator to be something dumb like *. (match everything)
That should hopefully clear the error until you can sort out what you want the validation to be in production.
You need to first logout from the OneLogin Admin Panel
https://app.onelogin.com/logout
To successfully test the demo app.
I want to change data on a server via a put request, but I always get a 401 [no body] error. The response looks like the following:
I do not really understand why I get this error, because my body is not empty. My code looks like this and the values seem to be okay too. Does anyone have any idea what I'm doing wrong?
Postman Update:
The values are different right now (consent and authorisation) since its basically a new request but the values were correct before too so this change should not make a difference.
Looks like you are simply passing invalid authorization header, or maybe not passing it at all.
What happens is that you make a RestTemplate exchange call, then you get 401 from that request, and Spring propagates it and returns 500 - Internal Server Error, because there is no error handling in place.
EDIT: According to your screenshots, you are not replacing your path variables. Update the way you build your URL as listed below.
Map<String, String> pathVars = new HashMap<>(2);
pathVars.put("consent-id", consentId);
pathVars.put("authorisation-id", authorisationId);
UriComponents uri = UriComponentsBuilder.fromUri(mainLink)
.path("consents/{consent-id}/authorizations/{authorisation-id}")
.buildAndExpand(pathVars);
Verify if your authorization-id is correct
if the token has a type for example Bearer you must write so:
"Authorization": "Bearer rrdedzfdgf........."
and make sure that there is only one space between Bearer and the token
Often the problem comes from the browser locally;
if your site is online, save the part and deploy the last modifications of the site and make the test
otherwise if it is a mobile application test it on a smartphone and not a browser;
in case none of this works, do it with your backend, it works with this
I had a problem where the I would add an extra character to a password. And Insomnia(Or Postman) would return a JSON response from the server along with a 401 HTTP status code. But when I did the same thing inside a springboot app, when using catch(HttpServerErrorException e){System.out.prinln(e.getMessage());} the e.getMessage would have [no body]. I think that is a feature built in the HttpServerErrorException class where it doesn't provide the body for security purposes. Since whoever is requesting is not authorized they should not have access to it.
When i am trying to get data from facebook using graph api, i am getting this error,
{"error":
{"message":"(#803) Some of the aliases you requested do not exist: 124186682456_10151302011177457&access_token=REMOVED_ACCESS_TOKEN",
"type":"OAuthException",
"code":803}}
Can anyone help me in how to solve this problem.
Thanks in advance...
If that is an accurate representation of the error you're receiving, you're incorrectly appending the access token after a & character instead of a ?.
You need to use ? for the start of the query string, and & to separate the parameters inside the query string
e.g.
https://graph.facebook.com/124186682456_10151302011177457?access_token=ACCESS_TOKEN
Placement of access_token parameter immediately after ? has nothing to do with issue...
It could be that your URL is littered with %20 or similar stuff.
I got this error when trying a test example from Facebook API documentation, at first I have read highest voted answer, but moving access_token parameter immediately after ? didn't work, I then inspected URL more closely and found some of encoded spaces %20 that were stuck to parameter fields and some others, removing which fixed the issue.
try following URL (just replace access_token parameter with yours)
https://graph.facebook.com/search?type=place&fields=name,checkins,picture&q=cafe¢er=40.7304,-73.9921&distance=1000&access_token=[YOUR_ACCESS_TOKEN]
If it works look for problem in Facebook parameter names
Hope this saves you some time.
This was happening for me with the Instagram content publishing API which also rides off the facebook graph api. It seems to happen when something is wrong with the API URL you are trying to send to Facebook via GET request.
In my case, something was happening in my code causing the user_id and access_token to not be passed to the URL before trying to query the graph API.
I am trying to generate an Oauth signature in order to authenticate an user in flickr.com from my android app.
According to the article in flickr.com, I have to send a signing request in order to get the signature. The hyperlink to the flickr.com guide page is:
http://www.flickr.com/services/api/auth.oauth.html#request_token
According to the post, I have to send a request like this to the flickr server in order to receive the signature key:
http://www.flickr.com/services/oauth/request_token
?oauth_nonce=89601180
&oauth_timestamp=1305583298
&oauth_consumer_key=653e7a6ecc1d528c516cc8f92cf98611
&oauth_signature_method=HMAC-SHA1
&oauth_version=1.0
&oauth_callback=http%3A%2F%2Fwww.example.com
I have send a request from my app, in the above mentioned format, but all I received is an error saying oauth_problem=parameter_absent&oauth_parameter_absent=oauth_signature.
My request code is:
HttpGet get = new HttpGet("http://www.flickr.com/services/oauth/request_token?oauth_nonce="+nonce+"&oauth_timestamp="+ts+"&oauth_consumer_key=****&oauth_signature_method=HMAC-SHA1&oauth_version=1.0");
Actually the problem is that, the url through which I am requesting for the signature is responding in a wrong way. Where it should return the signature, its asking for the signature.
The signing step is no request. You take the URI you have so far and transform it into the base string as seen in the documentation (URL encoding its parts and the like). The you use the HMAC-SHA1 algorithm witch takes the 2 parameters key and data. Use the base string as data and key
is the concatenated values of the Consumer Secret and Token Secret, separated by an '&'.
The value you get back from the algorithm (the signature) is then appended to your URI with
&oauth_signature={ALGORITHM_OUTPUT}
Using this new URI you can then request tokens.
If you think this is too much work, check out some Java OAuth library, e.g. scribe-java.