0

Token refresh

Im getting a 401 error when i try to refresh the token. I think I have everything set correctly, usually I only get a 401 if I am missing a parameter. Run out of ideas as to why the server is not happy.


CODE
Step 1, getting token using oauth_verifier, 

[SIGNPOST] SBS: POST&https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Fget_token&oauth_consumer_key%3Ddj0yJmk9MkxhZWE3MUlPeWlhJmQ9WVdrOWRVRlRTRnBxTkRnbWNHbzlNVGcyT1RneE16WXkmcz1jb2
5zdW1lcnNlY3JldCZ4PTZl%26oauth_nonce%3D-6853576374953552468%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1283530210%26oauth_token%3De2pter8%26oauth_verifier%3Dnc9p5w%26oauth_version%3D1.0
[SIGNPOST] signature: fp75shJqEfMHBQ2AtipM7/UPimE=
[SIGNPOST] Auth header: null
[SIGNPOST] Request URL: https://api.login.yahoo.com/oauth/v2/get_token

Step 2, get back token/secret and GUID and session handle

OAuth token: A=PPEj.6_LnTaQxllQisx3BuO_PP57todcE.USH6peSv1VhFqcOI2lTSzYcDeN_tAHXRv0aQWE1uLb4c
Wkh82i8sB0uatwLwNTvqohLStz9oblB4E.kK6jRgPsToNbA3zSlP_uvW3_ul2po5H4BgJ8LfWajzzMZ_b
pKLWaOZ5t3SUliu_ULXj3C1z_eLSvTQHdAHOtcFza5LfiL5v43O7uiyBYA.lVHs1Qh0vKPSAHuKNNTAs9
CvqnJ57DVxgOTN49RaTXRbhD1AdbUYNS5l5Sv682J3xegx4y_tTzHKirCfFwWAr_PCnGuknMfEgNz5f9A
mAr8_gp6rfr39bHAPC8SWsKBBgIymIkCRFki_dBZKyJHDUXHBnLUHwxEHk.BmGKE2.KZ2Wgz9vgaMLF9y
KlCLndaBuvdcXCvOH7stiRbM6X1NA_MESsFyjE0.l8I3VNIqRKnTgMGY6nts73zWvdAr78X05Q06ODLy3
VqriXlkUeNQWGVvNf40bopJPPIPLJsTu.WTdu4Qf_6Xp.2fnLc5gAFR.JCc1.oNESDsECgBKy.HTihM4O
eBTWXswIxkXHVsaXjmjVpZUTD9z7rpMBMhJQmiw3cuSYXB45bjbaYlz3p_f5b4OF0xc6fx5jyXtaW8F6D
BvcDShQwVF2JoRU0pCQOyg.H1MUF2wDm239waMwWUw514Rep60pXAVxC06RC0zrn6aVIkKp3L6xhbzB1L
U_h1hE7PCpBjybRQ--
OAuth secret: c137dcf694f6ed19d34e5161047d85ce7841aedd
GUID: PQAR6RNN7JSGXKWVKZF7PT73FA
Session Handle: ANPCf0xi3doHM_X5nCMBaShEuF85Givxk_5oqSYbBI_m0xfgPg--


Step 3, turn around and use token, secret, and session handle to refresh the token:


[SIGNPOST] SBS: POST&https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Fget_token&oauth_consumer_key%3Ddj0yJmk9MkxhZWE3MUlPeWlhJmQ9WVdrOWRVRlRTRnBxTkRnbWNHbzlNVGcyT1RneE16WXkmcz1jb2
5zdW1lcnNlY3JldCZ4PTZl%26oauth_nonce%3D-1415380955218640793%26oauth_session_handle%3DANPCf0xi3doHM_X5nCMBaShEuF85Givxk_5oqSYbBI_m0xfgPg--%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1283530211%26oauth_token%3DA%253DPPEj.6_LnTaQxllQisx3BuO_PP57todcE.USH6peSv1VhFqcOI2lTSzYcDeN_tAHXRv0aQWE1uLb
4cWkh82i8sB0uatwLwNTvqohLStz9oblB4E.kK6jRgPsToNbA3zSlP_uvW3_ul2po5H4BgJ8LfWajzzMZ
_bpKLWaOZ5t3SUliu_ULXj3C1z_eLSvTQHdAHOtcFza5LfiL5v43O7uiyBYA.lVHs1Qh0vKPSAHuKNNTA
s9CvqnJ57DVxgOTN49RaTXRbhD1AdbUYNS5l5Sv682J3xegx4y_tTzHKirCfFwWAr_PCnGuknMfEgNz5f
9AmAr8_gp6rfr39bHAPC8SWsKBBgIymIkCRFki_dBZKyJHDUXHBnLUHwxEHk.BmGKE2.KZ2Wgz9vgaMLF
9yKlCLndaBuvdcXCvOH7stiRbM6X1NA_MESsFyjE0.l8I3VNIqRKnTgMGY6nts73zWvdAr78X05Q06ODL
y3VqriXlkUeNQWGVvNf40bopJPPIPLJsTu.WTdu4Qf_6Xp.2fnLc5gAFR.JCc1.oNESDsECgBKy.HTihM
4OeBTWXswIxkXHVsaXjmjVpZUTD9z7rpMBMhJQmiw3cuSYXB45bjbaYlz3p_f5b4OF0xc6fx5jyXtaW8F
6DBvcDShQwVF2JoRU0pCQOyg.H1MUF2wDm239waMwWUw514Rep60pXAVxC06RC0zrn6aVIkKp3L6xhbzB
1LU_h1hE7PCpBjybRQ--%26oauth_version%3D1.0
[SIGNPOST] signature: 4Z7McgBRDglUy7zuYhKctSibqGY=
[SIGNPOST] Auth header: null
[SIGNPOST] Request URL: https://api.login.yahoo.com/oauth/v2/get_token


Get back 401 error

12:10:11,501 WARN YahooOAuth:190 - OAuth error
oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: Server returned HTTP response code: 401 for URL: https://api.login.yahoo.com/oauth/v2/get_token

by
3 Replies
  • Hi Eric,

    Can you please provide the complete HTTP response, including header and
    content body? They have the detailed error message.

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0
  • Response is:

    un.net.www.MessageHeader@38834cfb9 pairs: {null: HTTP/1.1 401 Forbidden}{Date: Tue, 07 Sep 2010 12:56:43 GMT}{Set-Cookie: B=boj9eh168cdkb&b=3&s=md; expires=Tue, 07-Sep-2012 20:00:00 GMT; path=/; domain=.yahoo.com}{P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"}{WWW-Authenticate: OAuth oauth_problem=token_rejected}{Connection: close}{Transfer-Encoding: chunked}{Content-Type: application/x-www-form-urlencoded}{Cache-Control: private}


    Im trying to get signpost to add the additional oauth_session_handle parameter by subclassing their Provider to add it. This is what happens when you add non-standard API's to OAuth, you make life difficult for everyone.

    Anyone successfully use signpost to exchange the token?



    QUOTE (omiga @ Sep 3 2010, 10:36 AM) <{POST_SNAPBACK}>
    Hi Eric,

    Can you please provide the complete HTTP response, including header and
    content body? They have the detailed error message.

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0
  • Hi Eric,

    In your OAuth request, do you have the oauth_token properly encoded?
    If Content-Type is application/x-www-form-urlencoded, then in it
    it should have

    ...&oauth_token=A%3D...


    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0

Recent Posts

in OAuth General Discussion YDN SDKs