0

OAuth with address bok service

Hello guys,

i am playing around trying to integrate Yahoo Address Book in to my django based application. For generating oauth headers and urls i use a python library from http://code.google.com/p/oauth/. I have managed to get valid access token, but i have stacked with accessing the service.

address service url -> http://address.yahooapis.com/api/ws/v1/sea...email.present=1

base_string -> GET&http%3A%2F%2Faddress.yahooapis.com%2Fapi%2Fws%2Fv1%2FsearchContacts&oauth_consumer_key%3Ddj0yJmk9Z3d5MkNNRWJNOWp6JmQ9WVdrOWFXUnhjRWRSTm5FbWNHbzlNVEk1T0RBek1UUTBNZy0tJn
M9Y29uc3VtZXJzZWNyZXQmeD04Mw--%26oauth_nonce%3D03799283%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1237817764%26oauth_token%3DA%253DKo5sP1aQp0dTM9pzH6x8tNfIpppYHpXj7wM0hGvmo0ypmROCJbGbjPZsTXXk77I_M.Ij6n7cbTDt
s8oNJkw1W1Vy1AeOhUmyWO5FcNXCxvZ6YMfaGVOsvBOK9vO2Q2BNoTTlIrzuKxcvRw.ji.jeZH386Et4
s
iRp4BYJjCCZSKC3SgjvyurQPrUKoaA5ouW6PqsYaT2kLOyV1RiWYs0oc0MH7YOiLO7GIx1JeN_MQRTi9
D
GbVx61DU1GXzaffps8RrCoUdSlCzyXfzGMRrKM9qt4ahnrFc0l_0Uy27xCtlRWPJ_4S11I9HvoXRyJYz
B
c6l3TYl3AYt4ni7Oc56y2mOJlxW_rxNySDYDoeVeSUcyv9kAhe0IegSQKMCSAJ9ioel4Kiqe6ZRgtgop
f
kn2jjVTFwH4foKJrUMxv2RwMmltH8cHC5_2GNH6FFyUIZGo9GOb1Km065PC9cuFHysQLKCKUcyMmJkDc
8
GGGlZDWo2k9dqditncFeCwq_ez2qpcrs2j8geTsx5finWJmPpwxhOmoSvioGO4dbDw93i6T8ck4Tm6An
t
tIqP70XfwEyQpAtTIilFhUEbpxVvBBuYdNmjcVL.MRm_w8oKYPh.sqEMr55RRQ9NGOzvIODoPIroZW3d
t
PqqIw83D8HS33pyg2XIV6PgZX57wByd0QPEPW6DyKN6wCcQRSUoKCmhRfpX2QaGbURb828_QTvH4_Hk3
U
41l1jSrlMK4NfxHmFuujPmA5VCTX9gXDUsh2hI4h%26oauth_version%3D1.0

Authorization: OAuth
realm="yahooapis.com",
oauth_nonce="03799283",
oauth_timestamp="1237817764", oauth_consumer_key="dj0yJmk9Z3d5MkNNRWJNOWp6JmQ9WVdrOWFXUnhjRWRSTm5FbWNHbzlNVEk1T0RBek1UUTBNZy0
tJnM9Y29uc3VtZXJzZWNyZXQmeD04Mw--", oauth_signature_method="HMAC-SHA1",
oauth_version="1.0", oauth_token="A%3DKo5sP1aQp0dTM9pzH6x8tNfIpppYHpXj7wM0hGvmo0ypmROCJbGbjPZsTXXk77I_M.Ij6n7cbTDts8
oNJkw1W1Vy1AeOhUmyWO5FcNXCxvZ6YMfaGVOsvBOK9vO2Q2BNoTTlIrzuKxcvRw.ji.jeZH386Et4si
R
p4BYJjCCZSKC3SgjvyurQPrUKoaA5ouW6PqsYaT2kLOyV1RiWYs0oc0MH7YOiLO7GIx1JeN_MQRTi9DG
b
Vx61DU1GXzaffps8RrCoUdSlCzyXfzGMRrKM9qt4ahnrFc0l_0Uy27xCtlRWPJ_4S11I9HvoXRyJYzBc
6
l3TYl3AYt4ni7Oc56y2mOJlxW_rxNySDYDoeVeSUcyv9kAhe0IegSQKMCSAJ9ioel4Kiqe6ZRgtgopfk
n
2jjVTFwH4foKJrUMxv2RwMmltH8cHC5_2GNH6FFyUIZGo9GOb1Km065PC9cuFHysQLKCKUcyMmJkDc8G
G
GlZDWo2k9dqditncFeCwq_ez2qpcrs2j8geTsx5finWJmPpwxhOmoSvioGO4dbDw93i6T8ck4Tm6Antt
I
qP70XfwEyQpAtTIilFhUEbpxVvBBuYdNmjcVL.MRm_w8oKYPh.sqEMr55RRQ9NGOzvIODoPIroZW3dtP
q
qIw83D8HS33pyg2XIV6PgZX57wByd0QPEPW6DyKN6wCcQRSUoKCmhRfpX2QaGbURb828_QTvH4_Hk3U4
1
l1jSrlMK4NfxHmFuujPmA5VCTX9gXDUsh2hI4h"
oauth_signature="FNsvOg7xIJeVNtClt2ob37qqs0M%3D"

I get 403 with following body: <!-- web232.address.pim.re3.yahoo.com uncompressed Mon Mar 23 07:16:05 PDT 2009 --> and have no ideas how to debug my application.

According to http://developer.yahoo.com/oauth/guide/oau...ke-request.html i seems to use correct Authorization header. Do i sign wrong base string?

Any ideas and of course solutions are appreciated smile.gif

Thanks in advance,

Bogdan Sulima.

P.S.: i have managed to get the Contact from the gdata service (using the save python library) so i am not totally dumb smile.gif

by
4 Replies
  • QUOTE (bogdan.sulima @ Mar 23 2009, 06:35 AM) <{POST_SNAPBACK}>
    address service url -> http://address.yahooapis.com/api/ws/v1/sea...email.present=1


    I think you're using the wrong URL. There are currently two Yahoo! Address Book web services:

    One that uses BBAuth: http://developer.yahoo.com/addressbook/
    One that uses OAuth: http://developer.yahoo.com/social/rest_api...s-resource.html

    It looks like you're sending OAuth credentials to the BBAuth service. Have a look at the OAuth service and update your URLs accordingly. That should fix the problems you're seeing.

    Ryan
    0
  • QUOTE (Ryan Kennedy @ Mar 25 2009, 08:48 AM) <{POST_SNAPBACK}>
    I think you're using the wrong URL. There are currently two Yahoo! Address Book web services:

    One that uses BBAuth: http://developer.yahoo.com/addressbook/
    One that uses OAuth: http://developer.yahoo.com/social/rest_api...s-resource.html

    It looks like you're sending OAuth credentials to the BBAuth service. Have a look at the OAuth service and update your URLs accordingly. That should fix the problems you're seeing.

    Ryan


    Ryan, thanks a lot for your reply. I have been using wrong URL for accessing contacts api.

    Now i am getting meaningfull error message in response header and body:

    HTTP code: 401.

    www-authenticate: OAuth oauth_problem="signature_invalid", realm="yahooapis.com"

    <?xml version='1.0' encoding='UTF-8'?>
    <yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
    xml:lang='en-US'>
    <yahoo:description>Please provide valid credentials</yahoo:description>
    </yahoo:error>

    I try to get data from http://social.yahooapis.com/v1/user/UID/contacts and http://social.yahooapis.com/v1/user/UID/profile, with UID = xoauth_yahoo_guid. Any ideas what else can i check? Is some oauth parameter missing in the Authorization header?
    0
  • OAuth protected Yahoo APIs use the OAuth Problem Reporting extension to return errors back to your consumer. The problem should be returned in the WWW-Authenticate header in the response. Was there a problem reported in the response?
    0
  • QUOTE (atom @ Mar 24 2009, 10:34 AM) <{POST_SNAPBACK}>
    OAuth protected Yahoo APIs use the OAuth Problem Reporting extension to return errors back to your consumer. The problem should be returned in the WWW-Authenticate header in the response. Was there a problem reported in the response?


    QUOTE (atom @ Mar 24 2009, 10:34 AM) <{POST_SNAPBACK}>
    OAuth protected Yahoo APIs use the OAuth Problem Reporting extension to return errors back to your consumer. The problem should be returned in the WWW-Authenticate header in the response. Was there a problem reported in the response?


    The headers i get from the Yahoo Contacts API call are:

    ('transfer-encoding', 'chunked'),
    ('connection', 'close'),
    ('cache-control', 'private'),
    ('date', 'Tue, 24 Mar 2009 21:12:03 GMT'),
    ('p3p', 'policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"'),
    ('content-type', 'text/html; charset=utf-8')

    There is no WWW-Authenticate header in response.

    My request URL and headers are:

    request url -> http://address.yahooapis.com/api/ws/v1/searchContacts

    Currently i send only single header to Contacts API:

    Authorization: OAuth realm="yahooapis.com",
    oauth_nonce="39219838",
    oauth_timestamp="1237929861", oauth_consumer_key="blal-blah-blah",
    oauth_signature_method="HMAC-SHA1",
    oauth_version="1.0", oauth_token="blah-blah-blah",
    oauth_signature="oG2JAcBhq3xpH5vLgOmJXhQBjNc%3D"


    I have also tried to refresh access token (in unittest i do this several times) and it works as it should (or at least as i expect). So authorization with Yahoo OAuth seems to work fine. In "My Projects" dashboard i see, that my application has read access to Yahoo! Contacts.

    I make all requests from the development machine and not from the server host i have registered in My Projects.

    P. S.: if i go http://address.yahooapis.com/api/ws/v1/searchContacts via FF with Firebug plugin i also do not get a WWW-Authenticate header.
    0

Recent Posts

in OAuth General Discussion YDN SDKs