GIS › OpenStreetMap › General › Developer Discussion

OAuth difficulties from node.js client

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

4 messages Options

Nick Whitelegg-2

OAuth difficulties from node.js client

Hello everyone,

Realise this might be a difficult one, but posting it here in case anyone's encountered similar problems or if anyone can obviously see what's wrong with the request (see below).

I'm trying to connect to the OSM OAuth API request_token endpoint from a node.js based client.

If I use the recommended example on the wiki for node.js, it works correctly (I get a token and a secret back), _however_ the 'request' module is now deprecated so probably not the best thing to use, even though it handles oauth automatically.

I found an alternative module which generates the correct parameters to send to the request token endpoint at:

https://www.npmjs.com/package/oauth-1.0a

and it generated parameters which look vaguely sensible:

{ oauth_consumer_key: 'EcdM735JygrmO42fzw8SIfbFUMDy1ShVY5bBnefn',

oauth_nonce: 'cNvPEgdgjvQWX5FgS56XkyLaMhQNggmh',

oauth_signature_method: 'HMAC-SHA1',

oauth_timestamp: 1594910535,

oauth_version: '1.0',

oauth_callback: 'http://localhost/app/',

oauth_signature: 'WuYA7G8s4qPCht+cF7t7FpTP0ck=' }

However if I send that to the request_token endpoint (using node-fetch) I get a 500 error.

Fiurthermore, if I use curl to send the same data to the endpoint, I also get a 500:

curl --data "oauth_consumer_key=EcdM735JygrmO42fzw8SIfbFUMDy1ShVY5bBnefn&oauth_nonce=cNvPEgdgjvQWX5FgS56XkyLaMhQNggmh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1594910535&oauth_version=1.0&oauth_callback=http%3A%2F%2Flocalhost%2Fapp%2F&oauth_signature=WuYA7G8s4qPCht%2BcF7t7FpTP0ck%3D" https://www.openstreetmap.org/oauth/request_token

I'm guessing something's wrong with the signing process. I used the examples given in the oauth-1.0a documentation to generate the parameters.

I'm surprised I'm getting a 500 rather than say a 400.

Thanks,

Nick

_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev

Developer Discussion mailing list

Re: OAuth difficulties from node.js client

Osm website had sone downtime,

maybe your code is ok?

16 Jul 2020, 17:04 by [hidden email]:

Hello everyone,

Realise this might be a difficult one, but posting it here in case anyone's encountered similar problems or if anyone can obviously see what's wrong with the request (see below).

I'm trying to connect to the OSM OAuth API request_token endpoint from a node.js based client.

If I use the recommended example on the wiki for node.js, it works correctly (I get a token and a secret back), _however_ the 'request' module is now deprecated so probably not the best thing to use, even though it handles oauth automatically.

I found an alternative module which generates the correct parameters to send to the request token endpoint at:

https://www.npmjs.com/package/oauth-1.0a

and it generated parameters which look vaguely sensible:

{ oauth_consumer_key: 'EcdM735JygrmO42fzw8SIfbFUMDy1ShVY5bBnefn',

oauth_nonce: 'cNvPEgdgjvQWX5FgS56XkyLaMhQNggmh',
oauth_signature_method: 'HMAC-SHA1',
oauth_timestamp: 1594910535,
oauth_version: '1.0',
oauth_callback: 'http://localhost/app/',
oauth_signature: 'WuYA7G8s4qPCht+cF7t7FpTP0ck=' }

However if I send that to the request_token endpoint (using node-fetch) I get a 500 error.

Fiurthermore, if I use curl to send the same data to the endpoint, I also get a 500:

curl --data "oauth_consumer_key=EcdM735JygrmO42fzw8SIfbFUMDy1ShVY5bBnefn&oauth_nonce=cNvPEgdgjvQWX5FgS56XkyLaMhQNggmh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1594910535&oauth_version=1.0&oauth_callback=http%3A%2F%2Flocalhost%2Fapp%2F&oauth_signature=WuYA7G8s4qPCht%2BcF7t7FpTP0ck%3D" https://www.openstreetmap.org/oauth/request_token

I'm guessing something's wrong with the signing process. I used the examples given in the oauth-1.0a documentation to generate the parameters.

I'm surprised I'm getting a 500 rather than say a 400.

Thanks,
Nick

_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev

Developer Discussion mailing list

Re: OAuth difficulties from node.js client

In reply to this post by Nick Whitelegg-2

On 16/07/2020 16:04, Nick Whitelegg wrote:

> Fiurthermore, if I use curl to send the same data to the endpoint, I
> also get a 500:
>
> curl --data
> "oauth_consumer_key=EcdM735JygrmO42fzw8SIfbFUMDy1ShVY5bBnefn&oauth_nonce=cNvPEgdgjvQWX5FgS56XkyLaMhQNggmh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1594910535&oauth_version=1.0&oauth_callback=http%3A%2F%2Flocalhost%2Fapp%2F&oauth_signature=WuYA7G8s4qPCht%2BcF7t7FpTP0ck%3D"
> https://www.openstreetmap.org/oauth/request_token
>
> I'm guessing something's wrong with the signing process. I used the
> examples given in the oauth-1.0a documentation to generate the parameters.
>
> I'm surprised I'm getting a 500 rather than say a 400.

No that's normal - it's a bug in the OAuth library really but
getting a 500 if the client ID is invalid or the signature fails
is the "normal" behaviour as things stand.

Tom

--
Tom Hughes ([hidden email])
http://compton.nu/

_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev

Nick Whitelegg-2

Re: OAuth difficulties from node.js client

In reply to this post by Developer Discussion mailing list

Don't think it is that, as other OAuth clients were working fine and also the wiki example works; in fact I have got a complete OAuth flow now working, using the documented method on the wiki using the 'request' package, but just thought I'd try something else as that was deprecated.

Will try one or two other packages and see if they work.

Thanks,

Nick

From: Mateusz Konieczny via dev <[hidden email]>
Sent: 16 July 2020 17:00
Cc: [hidden email] <[hidden email]>
Subject: Re: [OSM-dev] OAuth difficulties from node.js client

Osm website had sone downtime,

maybe your code is ok?

16 Jul 2020, 17:04 by [hidden email]:

Hello everyone,

Realise this might be a difficult one, but posting it here in case anyone's encountered similar problems or if anyone can obviously see what's wrong with the request (see below).

I'm trying to connect to the OSM OAuth API request_token endpoint from a node.js based client.

If I use the recommended example on the wiki for node.js, it works correctly (I get a token and a secret back), _however_ the 'request' module is now deprecated so probably not the best thing to use, even though it handles oauth automatically.

I found an alternative module which generates the correct parameters to send to the request token endpoint at:

https://www.npmjs.com/package/oauth-1.0a

and it generated parameters which look vaguely sensible:

{ oauth_consumer_key: 'EcdM735JygrmO42fzw8SIfbFUMDy1ShVY5bBnefn',

oauth_nonce: 'cNvPEgdgjvQWX5FgS56XkyLaMhQNggmh',

oauth_signature_method: 'HMAC-SHA1',

oauth_timestamp: 1594910535,

oauth_version: '1.0',

oauth_callback: 'http://localhost/app/',

oauth_signature: 'WuYA7G8s4qPCht+cF7t7FpTP0ck=' }

However if I send that to the request_token endpoint (using node-fetch) I get a 500 error.

Fiurthermore, if I use curl to send the same data to the endpoint, I also get a 500:

curl --data "oauth_consumer_key=EcdM735JygrmO42fzw8SIfbFUMDy1ShVY5bBnefn&oauth_nonce=cNvPEgdgjvQWX5FgS56XkyLaMhQNggmh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1594910535&oauth_version=1.0&oauth_callback=http%3A%2F%2Flocalhost%2Fapp%2F&oauth_signature=WuYA7G8s4qPCht%2BcF7t7FpTP0ck%3D" https://www.openstreetmap.org/oauth/request_token

I'm guessing something's wrong with the signing process. I used the examples given in the oauth-1.0a documentation to generate the parameters.

I'm surprised I'm getting a 500 rather than say a 400.

Thanks,

Nick

_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev