Bearer token in the (OAuth) Authorization request header for REST API POST call


My recent experience with OAuth suggests the content type should be:

    Request.ContentType = "application/x-www-form-urlencoded"
    Request.Method = "POST"
    Request.ContentLength = byteArray.Length

rather than request.ContentType = "application/json"
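
An added example, not part of the original answer or the asker's code: the asker's POST sent with the form-encoded content type suggested above, plus reading the error body that the quoted Yammer docs say accompanies an HTTP 401. The module and function names are hypothetical, and the page does not confirm that the content type alone resolves the asker's 401.

```vbnet
Imports System.IO
Imports System.Net
Imports System.Text

' Added example; module and function names are illustrative.
Module YammerPostExample
    ' Form-encode the fields; each value is URL-encoded on its own.
    Function BuildFormBody(groupId As Long, body As String) As Byte()
        Dim form As String = "group_id=" & groupId.ToString() &
                             "&body=" & WebUtility.UrlEncode(body)
        Return Encoding.UTF8.GetBytes(form)
    End Function

    ' POSTs a message and returns the response body. On an HTTP error it
    ' raises an exception carrying the API's error body, never the token.
    Function PostMessage(accessToken As String, groupId As Long, body As String) As String
        Dim request As HttpWebRequest = DirectCast(
            WebRequest.Create("https://www.yammer.com/api/v1/messages.json"), HttpWebRequest)
        request.Method = "POST"
        request.Headers("Authorization") = "Bearer " & accessToken
        request.ContentType = "application/x-www-form-urlencoded"

        Dim payload As Byte() = BuildFormBody(groupId, body)
        request.ContentLength = payload.Length
        Try
            Using stream As Stream = request.GetRequestStream()
                stream.Write(payload, 0, payload.Length)
            End Using
            Using response As WebResponse = request.GetResponse()
                Using reader As New StreamReader(response.GetResponseStream())
                    Return reader.ReadToEnd()
                End Using
            End Using
        Catch ex As WebException
            Dim errorResponse As HttpWebResponse = TryCast(ex.Response, HttpWebResponse)
            If errorResponse Is Nothing Then Throw ' no HTTP response (DNS, TLS, timeout)
            Using reader As New StreamReader(errorResponse.GetResponseStream())
                Dim errorBody As String = reader.ReadToEnd()
                If errorResponse.StatusCode = HttpStatusCode.Unauthorized Then
                    ' Per the quoted docs: token expired or app de-authorized.
                    Throw New UnauthorizedAccessException(
                        "HTTP 401, re-run the OAuth flow. Body: " & errorBody, ex)
                End If
                Throw New InvalidOperationException(
                    "HTTP " & CInt(errorResponse.StatusCode).ToString() & ": " & errorBody, ex)
            End Using
        End Try
    End Function
End Module
```

Surfacing the error body shows whether a 401 carries the documented "Token not found." response, which the bare WebException message in the question hides.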

Author by

StealthRT

Updated on July 08, 2022

Comments

  • StealthRT
    StealthRT almost 2 years

    Hey all, I am trying to figure out how to do this OAuth authorization token for a REST API POST call.

    The documents state:

    With a valid access token, your app can make calls to any Yammer API endpoint by sending the access token as a “Bearer” token in the “Authorization” request header.
    
    GET /api/v1/messages/following.json HTTP/1.1 
    Host: www.yammer.com 
    Authorization: Bearer abcDefGhiFor
    
    more details on the “Bearer” token refer to [enter link description here][1] 
    
    If the access token expires or the user de-authorizes your app, the API request will return an HTTP 401 with the following error in the body of the response.
    
    {
      "response": {
        "message": "Token not found.",
        "code": 16,
        "stat": "fail"
      }
    }
    

    Your app can request a new access token by re-running the appropriate flow if this error occurs.

    Currently my VB.net code is this:

    Dim request As HttpWebRequest
    Dim response As HttpWebResponse = Nothing
    Dim reader As StreamReader
    Dim address As Uri
    Dim data As StringBuilder
    Dim byteData() As Byte
    Dim postStream As Stream = Nothing
    
    address = New Uri("https://www.yammer.com/api/v1/messages.json")
    request = DirectCast(WebRequest.Create(address), HttpWebRequest)
    
    request.Method = "POST"
    request.Headers("Authorization") = "Bearer " & yammerAPI.userToken
    request.ContentType = "application/json"
    request.Host = "www.yammer.com"
    
    Dim body As String = "test"
    Dim replied_to_id As Integer = 123456789
    Dim group_id As Integer = 123456789
    
    data = New StringBuilder()
    'data.Append("&replied_to_id=" & HttpUtility.UrlEncode(replied_to_id))
    data.Append("group_id=" & HttpUtility.UrlEncode(group_id))
    data.Append("&body=" & HttpUtility.UrlEncode(body))
    
    byteData = UTF8Encoding.UTF8.GetBytes(data.ToString())
    request.ContentLength = byteData.Length
    
    Try
       postStream = request.GetRequestStream()
       postStream.Write(byteData, 0, byteData.Length)
    Finally
       If Not postStream Is Nothing Then postStream.Close()
    End Try
    
    Try
       response = DirectCast(request.GetResponse(), HttpWebResponse)
       reader = New StreamReader(response.GetResponseStream())
       Debug.Print(reader.ReadToEnd())
    Finally
       If Not response Is Nothing Then response.Close()
    End Try
    

    I keep getting an error of: The remote server returned an error: (401) Unauthorized.

    I found this in a following Stackoverflow posting:

    The Yammer API requires the OAuth data to be in the header. If you look at their example for Getting Data, you'll see the request looks like.

    GET /api/v1/messages/favorites_of/1234 HTTP/1.1
    HOST: www.yammer.com
    Authorization: OAuth oauth_consumer_key="KsTROcNF1Fx3e1PwA",oauth_token="vlVH7A7DOm9wXuHdv58A",oauth_signature_method="PLAINTEXT",oauth_timestamp="1297383841092",oauth_nonce="1047685618",oauth_verifier="E4F8",oauth_signature="yPsEvDnNPIA8xGCFLvMJ73K0DD9ivMpATJeFOSo%26fSFh9UPkHQ6oRwK5OTne33ltnSnbQ9XrAhA72heg"

    The OAuth data is in the Authorization header and not in the URL. The only time you have any OAuth data in the URL is when you do the authorize.

    Any help would be great to understand this more!

    • Eugenio Pace
      Eugenio Pace over 10 years
      How are you obtaining yammerAPI.userToken?
    • StealthRT
      StealthRT over 10 years
      @EugenioPace By going through each state (using webbrowser). Logging into Yammer, being redirected via my redirect link of the app which places the code at the end of that (blahblah.com/?code=XYZ). Then I take that code and do this Dim url As String = "yammer.com/oauth2/access_token.json?client_id=" & clientID & "&client_secret=" & clientSecret & "&code=" & authorizedToken and parse the JSON and get the access_token from that. The access_token is my yammerAPI.userToken.
    • Mark S.
      Mark S. over 10 years
      Look at the code example in [this question][1]. [1]: stackoverflow.com/questions/14188938/…
    • StealthRT
      StealthRT over 10 years
      @MarkS. Could you give me some more info on how to go about finding the oauth_consumer_key, oauth_timestamp, oauth_nonce, oauth_verifier & oauth_signature? All the Yammer documents state that it only needs to send the Bearer + token is enough in the header?
    • Mark S.
      Mark S. over 10 years
      If you follow the Yammer docs, in the introduction they talk about setting up the OAuth so that you can get the needed OAuth client ID etc. Once the authorization is set up you use the Bearer to request data.