Accessing Resources Failure (401)

Hi, I've tried every variation here.

I have successfully established an access token per the standard OAuth flow. However, when I attempt to access a resource, with a well-formed Authorization header, parameters, and signature (HMAC), I receive an error, 401 / "Please provide valid credentials".

What, specifically, does this mean? I understand that you guys support the Sessions extension, but does that play into the normal flow?

Not sure where to take it from here - any help is appreciated. Happy to provide whatever information I can.

5 Replies
  • Okay, so the issue is that I am trying to access resources from a different server than the one from which I established the session. Apparently the domain requires a sub-domain, so I can't create a general application for our service. If that's not going to work, I don't think we're going to be able to use Y! apis... Regardless, when I try to access any resource from the original authorizing server, I get (502) "Server Hangup" for any request, which, I assume, is all on Yahoo!'s end.
  • Please provide more details by sending an email to oauth-feedback@yahoo-inc.com and someone from engineering will assist you with the issue.

    Aanchal Gupta

    Yahoo! Membership Team
  • you have to make signature properly
    also pass the encoded token the parameters you are adding.
    and use encoded token value while generating the signature.
  • Hi,

    I have the same problem, every time I make a request for private user data I get the following response:

    response: Response: 502 Server Hangup responsebody: <HEAD><TITLE>Server Hangup</TITLE></HEAD><BODY BGCOLOR="white" FGCOLOR="black"><FONT FACE="Helvetica,Arial"><B> Server Hangup</B></FONT><!-- default "Server Hangup" response (502) --></BODY>

    And yes, I made sure that my request contains the proper oauth values:

    POST /v1/yql?q=select%20*%20from%20social.profile%20where%20guid%3Dme&format=json HTTP/1.1

    Authorization: OAuth oauth_token="A%3DfqtZJXXMuVvaq3X8ykgh855FJxwwskRE37MLD7KDoFz0LjtNOS2nBB7Q9JBD5AyYZAG50gnEzBoEwN
    XyKrpPMkG9onKOGH5LrAnuOya4KzmBOuzkr_xxx--", oauth_verifier="paxphu", oauth_consumer_key="dj0yJmk9UnlWaDk2TWFxdTQyJmQ9WVdrOVJqTlFRVWw0TjJjbWNHbzlNVEUwTXpJMk1EQTJNZy0
    tJnM9Y29uc3VtZXJzZWNyZXQmeD1jMg--", oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1274182073", oauth_nonce="2030112002062743781", oauth_signature="iTm%2FQ3QC2WG%2FHk%2Bl%2BH3YgNYOOtU%3D"

    Content-Length: 0

    Host: query.yahooapis.com

    Connection: Keep-Alive

    User-Agent: Apache-HttpClient/4.0.1 (java 1.5)

    Here is the source code I use:

    protected ModelAndView showForm(final HttpServletRequest originalrequest, final HttpServletResponse response, final BindException errors) throws Exception {

    OAuthConsumer consumer = new CommonsHttpOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET);
    OAuthProvider provider = new DefaultOAuthProvider("https://api.login.yahoo.com/oauth/v2/get_request_token", "https://api.login.yahoo.com/oauth/v2/get_token",

    final Map<String, Object> model = new HashMap<String, Object>();
    String parameterTok = originalrequest.getParameter("oauth_token");
    String parameterVer = originalrequest.getParameter("oauth_verifier");

    if (parameterTok == null || parameterVer == null) {
    // /STEP 1 ///
    String authUrl = provider.retrieveRequestToken(consumer, "http://mydomain.com:8080/yahooauthorization/yahooinfo.html");

    requestParameters = consumer.getRequestParameters();
    this.tokenSecret = consumer.getTokenSecret();

    model.put("text", authUrl);
    model.put("yahooTan", "");

    final ModelAndView showForm = super.showForm(originalrequest, response, errors, model);
    return showForm;
    } else {
    // STEP 3, user has to be authenticated //
    consumer.setTokenWithSecret(parameterTok, tokenSecret);
    provider.retrieveAccessToken(consumer, parameterVer);

    // make 3-legged user info request
    HttpPost request = new HttpPost("http://query.yahooapis.com/v1/yql?q=select%20*%20from%20social.profile%20where%20guid%3Dme&format=json");
    // sign the request

    HttpClient httpClient = new DefaultHttpClient();
    HttpResponse response2 = httpClient.execute(request);

    String res = "Response: " + response2.getStatusLine().getStatusCode() + " " + response2.getStatusLine().getReasonPhrase();
    StringBuilder responsebody = readBody(response2.getEntity().getContent());

    model.put("parameter", "token:" + parameterTok + ", verifier:" + parameterVer);
    model.put("response", res + " responsebody: " + responsebody);

    return new ModelAndView("signpost", model);

    private StringBuilder readBody(InputStream is) throws IOException {
    BufferedReader in = new BufferedReader(new InputStreamReader(is));
    String inputLine;

    StringBuilder builder = new StringBuilder();
    while ((inputLine = in.readLine()) != null)
    return builder;

    Can somebody help me?
    Thank you !!
  • Hi,

    HTTP error code 502 means server error. It has something to do
    with the YQL server. This is different from 401 which is mostly
    OAuth error. I don't think there is any problem with your OAuth
    request per se. Can you please check with the YQL forum?

    I am closing this topic since it is really old and the problem
    you see is different from the original post.

    Yu Wang
    Yahoo! Membership Team

Recent Posts

in OAuth General Discussion YDN SDKs