Magento REST API OAuth


Solution 1

I learned you can't include the port number of a URL for an OAuth request. The port number gets stripped, so when the keys are compared, they don't match. Changing the port to 80 (so that it doesn't have to be included in the URL) solved the problem.
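
The mismatch described in Solution 1, reproduced as an added example (not code from the answer or from Magento): it rebuilds the OAuth 1.0 signature base string from the request values in the question's debug output, then recomputes it the way a verifier that drops the port would. `strip_port`, `compare` and the consumer secret are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def enc(value):
    # RFC 3986 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="")

def base_uri(url, strip_port=False):
    # RFC 5849 section 3.4.1.2: keep the port unless it is the scheme default.
    # strip_port=True (hypothetical flag) models a verifier that always drops it.
    u = urlsplit(url)  # scheme and hostname come back lowercased
    host = u.hostname
    if u.port and not strip_port and u.port != DEFAULT_PORTS.get(u.scheme):
        host += ":%d" % u.port
    return "%s://%s%s" % (u.scheme, host, u.path or "/")

def signature_base_string(method, url, params, strip_port=False):
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join("%s=%s" % pair for pair in pairs)
    return "&".join([method.upper(), enc(base_uri(url, strip_port)), enc(normalized)])

def sign(sbs, consumer_secret, token_secret=""):
    # HMAC-SHA1 key is "consumer_secret&token_secret" (no token secret at initiate).
    key = (enc(consumer_secret) + "&" + enc(token_secret)).encode()
    return base64.b64encode(hmac.new(key, sbs.encode(), hashlib.sha1).digest()).decode()

# Request values copied from the debug output in the question.
URL = "http://localhost:8888/store/oauth/initiate"
PARAMS = {
    "oauth_callback": "http://localhost:8888/store/oauth_admin.php",
    "oauth_consumer_key": "41rv8qwkai1og9yp6ragyew5rag5e9oj",
    "oauth_nonce": "10898187885101843ed45b24.99726561",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1359053886",
    "oauth_version": "1.0",
}
SECRET = "constructed-consumer-secret"  # placeholder; the real secret is not on the page

def compare():
    client_sbs = signature_base_string("GET", URL, PARAMS)
    server_sbs = signature_base_string("GET", URL, PARAMS, strip_port=True)
    same = hmac.compare_digest(sign(client_sbs, SECRET), sign(server_sbs, SECRET))
    return client_sbs, server_sbs, same

if __name__ == "__main__":
    print(*compare(), sep="\n")
```

The first string returned is identical to the `sbs` value in the question's debug output; the second differs only in the base URI, which is enough to change the HMAC and produce `signature_invalid`.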

Solution 2

Just override Mage_Oauth_Model_Server::_validateSignature(), on line 52 (Magento CE 1.8.1)

    $this->_request->getHttpHost()

and make it:

    $this->_request->getHttpHost(!Mage::getIsDeveloperMode())

This way, if you are in developer mode (set it by SetEnv in your vhost <Directory /> part), the method won't strip the port number, plus it won't change the production environment behavior.

++

Author by

andyjv


Updated on June 04, 2022

Comments

  • andyjv
    andyjv almost 2 years

    Magento ver. 1.7.0.2

    I'm new to Magento, REST and OAuth. I want to be able to use the Magento REST API to be able to modify an online store with an in-house Customer Management System. I have been able to set up Magento easily enough, but I'm struggling with REST, specifically with the OAuth.

    I am currently running Magento on MAMP 2.1.1 on OSX 10.7.5. I was able to install OAUTH using these directions: Installing PHP OAuth in MAMP environment

    Following the Magento tutorial I am using the Firefox RESTClient to test OAuth. I have set up Roles and a Consumer in Magento, and put the keys in the corresponding fields in RESTClient.

    When I post to

    http://localhost:8888/store/oauth/initiate?oauth_callback=http://localhost:8888/store/oauth_admin.php
    

    I get the response

    oauth_problem=signature_invalid&debug_sbs=QiIiTo3WGTZLTOhyIest9B5+l5s=
    

    Using the test PHP script on Magento ( http://www.magentocommerce.com/api/rest/introduction.html )

    <?php
    /**
     * Example of products list retrieve using admin account via Magento REST
    API. oAuth authorization is used
     */
    $callbackUrl = "http://localhost:8888/store/oauth_admin.php";
    $temporaryCredentialsRequestUrl =
    "http://localhost:8888/store/oauth/initiate?oauth_callback=" .
    urlencode($callbackUrl);
    $adminAuthorizationUrl = 'http://localhost:8888/store/admin/oAuth_authorize';
    $accessTokenRequestUrl = 'http://localhost:8888/store/oauth/token';
    $apiUrl = 'http://localhost:8888/store/api/rest';
    $consumerKey = 'obscured';
    $consumerSecret = 'obscured';
    
    session_start();
    if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) &&
    $_SESSION['state'] == 1) {
       $_SESSION['state'] = 0;
    }
    try {
       $authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION
    : OAUTH_AUTH_TYPE_URI;
       $oauthClient = new OAuth($consumerKey, $consumerSecret,
    OAUTH_SIG_METHOD_HMACSHA1, $authType);
       $oauthClient->enableDebug();
    
      if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
       $requestToken =
    $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
           $_SESSION['secret'] = $requestToken['oauth_token_secret'];
           $_SESSION['state'] = 1;
           header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' .
    $requestToken['oauth_token']);
           exit;
       } else if ($_SESSION['state'] == 1) {
           $oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
           $accessToken =
    $oauthClient->getAccessToken($accessTokenRequestUrl);
           $_SESSION['state'] = 2;
           $_SESSION['token'] = $accessToken['oauth_token'];
           $_SESSION['secret'] = $accessToken['oauth_token_secret'];
           header('Location: ' . $callbackUrl);
           exit;
       } else {
           $oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
           $resourceUrl = "$apiUrl/products";
           $oauthClient->fetch($resourceUrl);
               $productsList = json_decode($oauthClient->getLastResponse());
               print_r($productsList);
           }
        } catch (OAuthException $e) {
           print_r($e);
        }
        ?>
    

    I get the following error:

    Notice: Undefined index: state in /Applications/MAMP/htdocs/store/test.php on line 23
    
    Notice: Undefined index: state in /Applications/MAMP/htdocs/store/test.php on line 29
    OAuthException Object
    (
        [message:protected] => Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)
        [string:private] =>
        [code:protected] => 401
        [file:protected] => /Applications/MAMP/htdocs/store/test.php
        [line:protected] => 31
        [trace:private] => Array
            (
                [0] => Array
                    (
                        [file] => /Applications/MAMP/htdocs/store/test.php
                        [line] => 31
                        [function] => getRequestToken
                        [class] => OAuth
                        [type] => ->
                        [args] => Array
                            (
                                [0] => http://localhost:8888/store/oauth/initiate?oauth_callback=http%3A%2F%2Flocalhost%3A8888%2Fstore%2Foauth_admin.php
                            )
                    )
            )
        [lastResponse] => oauth_problem=signature_invalid&debug_sbs=c3Pb0LJa26al02LJh9hSubXlBs8=
        [debugInfo] => Array
            (
                [sbs] => GET&http%3A%2F%2Flocalhost%3A8888%2Fstore%2Foauth%2Finitiate&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A8888%252Fstore%252Foauth_admin.php%26oauth_consumer_key%3D41rv8qwkai1og9yp6ragyew5rag5e9oj%26oauth_nonce%3D10898187885101843ed45b24.99726561%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1359053886%26oauth_version%3D1.0
                [headers_sent] => GET /store/oauth/initiate?oauth_callback=http%3A%2F%2Flocalhost%3A8888%2Fstore%2Foauth_admin.php&oauth_consumer_key=41rv8qwkai1og9yp6ragyew5rag5e9oj&oauth_signature_method=HMAC-SHA1&oauth_nonce=10898187885101843ed45b24.99726561&oauth_timestamp=1359053886&oauth_version=1.0&oauth_signature=F36aIxyET2XEVXDCJxm4jxGsRPg%3D HTTP/1.1
                    User-Agent: PECL-OAuth/1.2.3
                    Host: localhost:8888
                    Accept: */*
                [headers_recv] => HTTP/1.1 401 Authorization Required
                    Date: Thu, 24 Jan 2013 18:58:06 GMT
                    Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8r DAV/2 PHP/5.2.17
                    X-Powered-By: PHP/5.2.17
                    Content-Length: 70
                    Content-Type: application/x-www-form-urlencoded
                [body_recv] => oauth_problem=signature_invalid&debug_sbs=c3Pb0LJa26al02LJh9hSubXlBs8=
                [info] => About to connect() to localhost port 8888 (#0)
                    Trying ::1... connected
                    Connected to localhost (::1) port 8888 (#0)
                    Connection #0 to host localhost left intact
                    Closing connection #0
            )
    )
    

    As far as I can tell I've done everything correctly, going so far as to completely wipe Magento and doing a fresh install after figuring out how to get OAuth installed. I have no idea what to do next and any help would be greatly appreciated, thanks.

  • Nitin Bansal
    Nitin Bansal almost 11 years
    But what is the solution? I mean, if I cannot for some reason change the port number, then what should I do?
  • andyjv
    andyjv almost 11 years
    You have to find some way to make the connection on Port 80 (http) or 443 (https)
  • Mark Bennett
    Mark Bennett over 10 years
    I hit this and was also healed by moving to port 80, THANK YOU! Some notes for other searchers: I was using MAMP PRO on Mac OS X, which defaults to port 8888, which I had left as-is when I installed Magento. The base REST API was working. I was using Python with rauth and OAuth1Service. Further hint: When this line failed: request_token, request_token_secret = service.get_request_token(...), I tried using: raw = service.get_raw_request_token(...) and then print "RAW Request Token reply: " + str(raw), and I was seeing "<Response [401]>", but I had carefully checked Roles under Web Services.
  • skyred
    skyred about 8 years
    Port number must be stripped (normalized) when doing OAuth 1.0 signature. After doing this, I was able to connect to Magento as if the service were on port 80.